First, generate the private key: openssl genrsa -out site.key 3072 Then generate the certificate signing request: openssl req -new -key site.key -out site.csr
Upload the CSR file to the certificate authority for signing. One extra thing that I would also recommend is that you chmod the keyfile to permissions 400 and chown to root. Since the private key needs to remain secret, you want to ensure that it's never readable by anybody other than root (which is presumably how the server will be started). On Sat, May 23, 2015 at 5:33 PM, John F. Eldredge <[email protected]> wrote: > What are the steps to take to generate a certificate request? > > > > > On May 23, 2015 5:20:22 PM Tilghman Lesher <[email protected]> wrote: > >> If you want a free server certificate, you can obtain one at >> startssl.com, for one. Note that you have to first get your identity >> certificate, install it in your browser, then use that to connect. >> You then can verify ownership of a domain and have a certificate >> signed. For security reasons, I highly recommend generating your own >> certificate request and getting it signed by them, rather than having >> them generate the private key and certificate for you. You can >> otherwise never be certain that another party hasn't retained your >> private key. >> >> On Sat, May 23, 2015 at 4:37 PM, John F. Eldredge <[email protected]> >> wrote: >> > I want to try using my phone's Gmail app to read from my personal email >> > account at jfeldredge.com. Unfortunately, it would seem that the Gmail >> > app >> > will not accept the self-signed certificate I have been using. I applied >> > for, and received, a free email certificate issued by Comodo Inc. >> > Looking >> > further at the rather limited documentation, however, it appears that >> > this >> > may be intended for client-side use, for signing email messages and >> > decrypting signed email messages, rather than being installed on the >> > email >> > server. Is this the case, meaning that a separate SSL certificate will >> > be >> > needed on the server, or can this email certificate be exported from my >> > laptop and imported into the mail server? Unfortunately, my hosting >> > company's tech support department apparently closed for the holiday >> > weekend, >> > or else I would ask them. >> > >> > >> > -- >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "NLUG" group. >> > To post to this group, send email to [email protected] >> > To unsubscribe from this group, send email to >> > [email protected] >> > For more options, visit this group at >> > http://groups.google.com/group/nlug-talk?hl=en >> > >> > --- You received this message because you are subscribed to the Google >> > Groups "NLUG" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> Tilghman >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- You received this message because you are subscribed to the Google > Groups "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- Tilghman -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
