On Tue, 2010-03-16 at 11:13 -0600, Merrill Oveson wrote: > After poking around, I learned how to generate both the key and csr > file. I can tell godaddy the contents of the csr file. > > Now how do I get a new crt file. I do need a new one, correct? > I called tech support @ godaddy but the guy was clueless.
key = private key (keep it secret, keep it safe) csr = certificate signing request crt = certificate SSL/TLS is based on public/private key pairs. A certificate is basically a fancy public key. When you send godaddy a csr file, you're basically sending them a copy of your public key plus metadata like the server's fully qualified domain name (FQDN) and your company's contact information. The certificate authority (CA, godaddy) is responsible for verifying this metadata. Some companies are more thorough than others. At the high end they may require documents to be faxed, call back numbers to be called, etc. At the low end, they may merely require proof that you have control of a specific email address. Once the CA is satisfied they sign your csr, thereby turning it into a certificate. They'll then email you your certificate, or provide you a URL to download it, or some such. There are multiple certificate file formats. I haven't ever worked with godaddy, but they I expect they'll provide the certificate in the exact format required for a crt file. If not, it isn't hard to convert formats. Note that it is safe for this entire process to take place over an insecure channel like email. The certificate is not sensitive. Only the private key is sensitive. Your private key should never leave your server or be readable by regular users. -- "XML is like violence: if it doesn't solve your problem, you aren't using enough of it." - Chris Maden /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
