|
/
Zope
/
Apsis
/
Pound Mailing List
/
Archive
/
2005
/
2005-05
/
generating CSR and installing certificate
[
generating CSR and installing certificate / ... ]
[
problem with wrong back-ends / "Stefan ... ]
generating CSR and installing certificate
"Maggu, Rajeev" <Rajeev.Kumar(at)t-systems.com.sg> |
2005-05-09 06:34:29 |
[ SNIP ]
|
Hi ,
I am using Pound for enabling SSL for Sun ONE calendar server.
This is done through Open SSL.
Using this setup for the last 2 years.
Now my certificate is expired and need to renew the certificate.
The ceritificate issuer is expecting me to send a CSR, then only they can issue
a certificate.
Can anybody let me know how to generate CSR and how to install the new
certificate.?
Thanks and Regards,
Rajeev Kumar
|
|
|
Re: generating CSR and installing certificate
Peter van Dijk <peter(at)nextgear.nl> |
2005-05-09 16:08:51 |
[ SNIP ]
|
On Mon, May 09, 2005 at 12:34:29PM +0800, Maggu, Rajeev wrote:
> Can anybody let me know how to generate CSR and how to install the new
certificate.?
Hi Rajeev,
the incantation
openssl req -new -nodes -keyout yourname.key -out yourname.csr
yields .key and .csr files for your server. Remember to enter your
exact https hostname (without https://) in the Common Name field.
Send the .csr to your Certificate Authority. They will provide you with
a .crt file. cat the .crt and the .key together in yourname.pem, and
tell Pound to use this file. If necessary, also add your CA's certificate
chain bundle to this file.
Good luck :)
Regards,
Peter van Dijk
|
|
|
Re: generating CSR and installing certificate
Jonathan Cyr <cyrj(at)cyr.info> |
2005-05-09 18:49:36 |
[ SNIP ]
|
Hi,
When I went through this process the first time, I found the OReilly
book, Linux Security Cookbook, and it's chapters on OpenSSL very helpful.
BTW, Beware of Verisign Class 3 and Pound, something's wrong with
Verisign's CSR process, not Pound.
-Jon Cyr
cyrj(at)cyr.info
Peter van Dijk wrote:
>On Mon, May 09, 2005 at 12:34:29PM +0800, Maggu, Rajeev wrote:
>
>
>>Can anybody let me know how to generate CSR and how to install the new
certificate.?
>>
>>
>
>Hi Rajeev,
>
>the incantation
>
> openssl req -new -nodes -keyout yourname.key -out yourname.csr
>
>yields .key and .csr files for your server. Remember to enter your
>exact https hostname (without https://) in the Common Name field.
>
>Send the .csr to your Certificate Authority. They will provide you with
>a .crt file. cat the .crt and the .key together in yourname.pem, and
>tell Pound to use this file. If necessary, also add your CA's certificate
>chain bundle to this file.
>
>Good luck :)
>
>Regards,
>Peter van Dijk
>
>
>
>
|
|
|
|
