Thanks! I have put your instructions in the certificates sites page: https://sites.google.com/a/waveprotocol.org/wave-protocol/federation/certificates
On Tue, Oct 19, 2010 at 5:42 AM, Vega <[email protected]> wrote:
> I combined all the instructions for the certificate generation. I
> still had no chance to verify that they are valid for federation, but
> at least they seem to work OK.
>
> --Generate encrypted private key. You will be asked for passphrase,
> make sure it is at least 10 characters.
> openssl genrsa -des3 -out example.com.encrypted.key 2048
>
> --Generate certificate request, you will be asked for passphrase from
> above. After that you will be asked to fill in a bunch of details.
> IMPORTANT - the Common Name should be in the form wave.example.com.
>
> openssl req -new -key example.com.encrypted.key -out example.com.csr
>
> --With this certificate you can go to https://www.startssl.com. Sign
> in, or sign up. To sign up you will need to provide email that you can
> validate, then log out and log in again - click in Authenticate - you
> will be asked for (email)certificate that was generated in the sign up
> process. Go to control panel. Click on the Validations Wizard and
> choose Domain Name Validation where you have to validate your domain,
> i.e. example.com. After that, go to Certificates Wizard and choose
> XMPP certificate. In the private key generation step you should click
> on "skip" and in the next step paste the certificate request that was
> generated earlier, i.e. contents of the example.com.csr. After that
> proceed to choose your domain, i.e. example.com, in the subdomain you
> need to enter "wave", i.e. http://wave.example.com. Click on continue
> until finish. After that you will have your signed certificate. Save
> it as example.com.crt. You will also need your intermediate certificate
> - i.e. sub.class1.server.ca.pem and the Certification Authority
> certificate - ca.pem. You can download them from the site:
> ToolBox->StartCom CA Certificates.
> So by now you have 5 files:
>
> example.com.encrypted.key
> example.com.crt
> example.com.csr
> sub.class1.server.ca.pem
> ca.pem
>
> Make sure to back up the private key and signed certificate
> (example.com.encrypted.key example.com.crt) and put it somewhere in a
> safe place.
> But we are not done yet. Now let's remove the passphrase from the
> private key with:
>
> openssl rsa -in example.com.encrypted.key -out example.com.nonencrypted.key
>
> --then convert the key to a different format with:
>
> openssl pkcs8 -topk8 -nocrypt -in example.com.nonencrypted.key -out example.com.key
>
> -- Now we have the private key we can use with waveinabox server and a
> certificate signed by StartCom.
>
> On Oct 18, 7:11 pm, Vega <[email protected]> wrote:
>> Well, I guess if someone would like to host waveinabox server that
>> would accept these certificates - nothing can stop him - after all the
>> source is open :)
>>
>> On Oct 18, 6:35 pm, Peter Saint-Andre <[email protected]> wrote:
>>
>> > On 10/18/10 9:08 AM, Vega wrote:
>>
>> > > Is it possible to consider to add CAcert to the default trust roots?
>> > > It can allow another option in addition to StartCom. Moreover CAcert
>> > > is totally free and more flexible and therefore more suits the Wave
>> > > nature.
>>
>> > The point of a CA is not to be free and flexible, but to be secure.
>>
>> > Peter
>>
>> > --
>> > Peter Saint-Andre
>> > https://stpeter.im/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Wave Protocol" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/wave-protocol?hl=en.
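
An added example, not part of the thread: a shell check for the final files the quoted steps produce. It confirms that the key is unencrypted PKCS#8 with owner-only permissions, that it matches the certificate, and that the Common Name has the wave.example.com form. The function names, return codes and the throwaway self-signed certificate built by make_demo_files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): checks on the final key/certificate pair.
# Return codes: 0 ok, 1 key format, 2 permissions, 3 key/cert mismatch, 4 CN.
check_wave_cert() {
    key=$1; cert=$2; want_cn=$3

    # 1. The server key must be unencrypted PKCS#8, the `pkcs8 -topk8 -nocrypt` output.
    head -n 1 "$key" | grep -q '^-----BEGIN PRIVATE KEY-----' ||
        { echo "FAIL: $key is not unencrypted PKCS#8" >&2; return 1; }

    # 2. With the passphrase removed, file permissions are the key's only protection.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group or other" >&2; return 2; }

    # 3. The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    [ "$kpub" = "$cpub" ] ||
        { echo "FAIL: $cert was not issued for $key" >&2; return 3; }

    # 4. The Common Name must be the wave.<domain> form the thread calls for.
    #    Assumes CN is the most specific RDN, so RFC 2253 output lists it first.
    got_cn=$(openssl x509 -in "$cert" -noout -nameopt RFC2253 -subject |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
    [ "$got_cn" = "$want_cn" ] ||
        { echo "FAIL: CN is '$got_cn', expected '$want_cn'" >&2; return 4; }
    echo "OK: $key and $cert match, CN=$want_cn"
}

# Constructed sample material: runs the thread's key steps non-interactively with
# a throwaway passphrase; a self-signed certificate stands in for the CA-signed one.
make_demo_files() {
    d=$1; pw=pass:constructed-passphrase
    openssl genrsa -des3 -passout "$pw" -out "$d/example.com.encrypted.key" 2048 2>/dev/null &&
    openssl rsa -passin "$pw" -in "$d/example.com.encrypted.key" \
        -out "$d/example.com.nonencrypted.key" 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -in "$d/example.com.nonencrypted.key" \
        -out "$d/example.com.key" &&
    chmod 600 "$d/example.com.key" &&
    openssl req -new -x509 -days 1 -subj "/CN=wave.example.com" \
        -key "$d/example.com.key" -out "$d/example.com.crt" 2>/dev/null
}

# Run as: sh check.sh example.com.key example.com.crt wave.example.com
if [ "$#" -eq 3 ]; then check_wave_cert "$@"; fi
```

Once example.com.key passes, example.com.nonencrypted.key is an extra unprotected copy of the private key and can be deleted.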
