Hey Jim. I had issues with installing certs on BQ, so this will be an interesting read.
Doug On Fri, Jan 7, 2011 at 12:04 PM, Jim Dory <[email protected]> wrote: > Hoping someone can offer some advice or answers to installing a wild > card SSL certificate. > > I currently have working a cert for www.nomealaska.org but want one for > webmail.nomealaska.org as well. I may start up a ftp.nomealaska.org too > so figure a wild card would simplify. > > My cert files right now are in /home/.sites/XXX/siteX/certs and include > ca-certs, certificate, and key. I've backed these up in same directory. > > I'm getting the certs from our registrar www.register.com which seem > priced competitively. I think for the previous cert I received from them > certificate.crt, Intermediary_Certificate_1.crt, > Intermediary_Certificate_2.crt, and Root_Certificate.crt. I also have a > signing-request.txt file along with them that may have been generated by > the BX GUI? I think I know to paste the Intermediary and Root crt files > into one file named nomealaska.org.ca.crt, then when installing via GUI > it becomes certificate.crt? And when copying to my certs directory > rename it to certificate? > > I should use the BX GUI and install them as c1, c2, and c3 but not clear > on the order. c3 = Root_Certificate.crt? This part gets real muddy for me. > > So my first task is generating a request. I was looking on Apache's site > and found and tried this command for wild cards: > openssl req -new -newkey rsa:2048 -nodes -out star_nomealaska_org.csr > -keyout star_nomealaska_org.key -subj "/C=US/ST=Alaska/L=Nome/O=City of > Nome/CN=*.nomealaska.org" > > all one line. > > That produced star_nomealaska.org.csr and star_nomealaska.org.key. I > assume the key will be the private key and I can keep it named as it is? > If these are date sensitive (I did them yesterday but will try to buy > cert today) maybe I should redo that command for today? > > So after purchasing the cert, I put them in the vhost's certs directory > as I mentioned above. Then I believe I need to install them using the BX > GUI. In the GUI there is an Import button, but also a Manage Cert > Authorities. If I go to the Manage button, there is a Certificate > Authority Name blank under Add. Shall I put *.nomealaska.org there or is > that for register.com, the issuing company? > > There is also a Remove radio button there, with Current Certificate > Authorities C2, C1, and C3. I assume to remove them first? > > Hopefully someone can get me started - I can at least get the cert > purchased and ready to install if I know the request is proper. > > One last concern is this site is now named www.nomealaska.org but as we > are migrating to a hosted company for web, I will rename it to > nomealaska.org with webmail.nomealaska.org as alias. Hopefully this > won't be an issue, especially with a wild card cert. > > thanks, JD > > > -- > Jim Dory > Engineering > City of Nome > PO Box 281 > 102 Division St. > Nome, AK 99762 > 907.443.6604 > > http://www.nomealaska.org > > _______________________________________________ > Blueonyx mailing list > [email protected] > http://www.blueonyx.it/mailman/listinfo/blueonyx >
_______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
