Hoping someone can offer some advice or answers to installing a wild card SSL certificate.

I currently have a working cert for www.nomealaska.org but want one for webmail.nomealaska.org as well. I may start up an ftp.nomealaska.org too, so I figure a wild card would simplify things. My cert files right now are in /home/.sites/XXX/siteX/certs and include ca-certs, certificate, and key. I've backed these up in the same directory.

I'm getting the certs from our registrar www.register.com which seem priced competitively. I think for the previous cert I received from them certificate.crt, Intermediary_Certificate_1.crt, Intermediary_Certificate_2.crt, and Root_Certificate.crt. I also have a signing-request.txt file along with them that may have been generated by the BX GUI?

I think I know to paste the Intermediary and Root crt files into one file named nomealaska.org.ca.crt, then when installing via GUI it becomes certificate.crt? And when copying to my certs directory rename it to certificate? I should use the BX GUI and install them as c1, c2, and c3 but I'm not clear on the order. c3 = Root_Certificate.crt? This part gets real muddy for me.

So my first task is generating a request. I was looking on Apache's site and found and tried this command for wild cards:

    openssl req -new -newkey rsa:2048 -nodes -out star_nomealaska_org.csr -keyout star_nomealaska_org.key -subj "/C=US/ST=Alaska/L=Nome/O=City of Nome/CN=*.nomealaska.org"

all one line. That produced star_nomealaska.org.csr and star_nomealaska.org.key. I assume the key will be the private key and I can keep it named as it is? If these are date sensitive (I did them yesterday but will try to buy the cert today) maybe I should redo that command for today?

So after purchasing the cert, I put them in the vhost's certs directory as I mentioned above. Then I believe I need to install them using the BX GUI. In the GUI there is an Import button, but also a Manage Cert Authorities. If I go to the Manage button, there is a Certificate Authority Name blank under Add. Shall I put *.nomealaska.org there or is that for register.com, the issuing company? There is also a Remove radio button there, with Current Certificate Authorities C2, C1, and C3. I assume to remove them first?

Hopefully someone can get me started - I can at least get the cert purchased and ready to install if I know the request is proper.

One last concern is this site is now named www.nomealaska.org but as we are migrating to a hosted company for web, I will rename it to nomealaska.org with webmail.nomealaska.org as alias. Hopefully this won't be an issue, especially with a wild card cert.

thanks, JD

--
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604
http://www.nomealaska.org
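The checks this message asks about, as an added example that is not part of the original post: it confirms that the CSR requests `*.nomealaska.org`, that the private key matches the issued certificate, and that a CA bundle verifies the chain. The root and intermediate are constructed test CAs standing in for the registrar's files, the function names are hypothetical, and the intermediate-then-root bundle order is an assumption, not something taken from BlueOnyx documentation.

```shell
#!/bin/sh
# Added example; the root and intermediate below are constructed test CAs.
set -eu

# Key + CSR via the command from the post; $1 = file prefix, $2 = subject.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -out "$1.csr" -keyout "$1.key" \
        -subj "$2" 2>/dev/null
}

# Print the common name a CSR asks for.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# Succeed only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Succeed only if certificate $1 chains to a self-signed root in CA bundle $2.
chain_ok() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# Test-CA helper: sign $1.csr into $1.crt; $2 = issuer prefix, $3 = TRUE for a CA.
sign() {
    printf 'basicConstraints=CA:%s\n' "$3" > "$1.ext"
    issuer="-CA $2.crt -CAkey $2.key -CAcreateserial"
    [ "$1" = "$2" ] && issuer="-signkey $1.key"   # self-signed root
    # $issuer is split on purpose; the constructed prefixes contain no spaces.
    openssl x509 -req -in "$1.csr" -days 2 -extfile "$1.ext" -out "$1.crt" $issuer 2>/dev/null
}

cd "$(mktemp -d)"
make_csr root "/CN=Constructed Test Root"
make_csr inter "/CN=Constructed Test Intermediate"
make_csr star_nomealaska_org "/C=US/ST=Alaska/L=Nome/O=City of Nome/CN=*.nomealaska.org"
sign root root TRUE
sign inter root TRUE
sign star_nomealaska_org inter FALSE
cat inter.crt root.crt > nomealaska.org.ca.crt   # intermediate first, then root

echo "CSR common name: $(csr_cn star_nomealaska_org.csr)"
key_matches_cert star_nomealaska_org.key star_nomealaska_org.crt && echo "key matches certificate"
chain_ok star_nomealaska_org.crt nomealaska.org.ca.crt && echo "chain verifies with the bundle"
chain_ok star_nomealaska_org.crt root.crt || echo "root alone does not verify the chain"
```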
