From HEXONET Wiki
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | {{Sidebar}} | + | {{Sidebar}}__NOTOC__ |
− | __NOTOC__ | + | |
− | + | ||
− | + | ||
<h2>Creating a SSL certificate</h2> | <h2>Creating a SSL certificate</h2> | ||
Line 11: | Line 8: | ||
For a basic CreateSSLCert command only a few parameters are required ''(Requirements for the CreateSSLCert command can be different for specific SSLCERT products.)''. | For a basic CreateSSLCert command only a few parameters are required ''(Requirements for the CreateSSLCert command can be different for specific SSLCERT products.)''. | ||
− | + | ||
+ | Please have a look at the {{Template:Pdf|XIRCA_SSLCERT_API_Reference1.1.pdf| SSLCERT API-Manual}} for a current list of allowed parameters. | ||
<b>All available parameters:</b> | <b>All available parameters:</b> |
Latest revision as of 18:37, 26 March 2014
Creating a SSL certificate
Before creating a SSL certificate you first have to create a CSR file. When creating a CSR file, please note that only the following local parts of the email adresse are allowed: admin, administrator, hostmaster, postmaster, root, webmaster should be used for the certificate registration.
A documentation on howto create a CSR-file can be found here: How to create a CSR-file
For a basic CreateSSLCert command only a few parameters are required (Requirements for the CreateSSLCert command can be different for specific SSLCERT products.).
Please have a look at the SSLCERT API-Manual for a current list of allowed parameters.
All available parameters:
(required) command = CreateSSLCert sslcertclass = <TEXT> period = <INT> sslcertdomain = <TEXT> | <NULL> csr# = <TEXT> | <NULL> serversoftware = APACHESSL | APACHESSLEAY | APACHE2 | IIS alternatecn# = <TEXT> | <NULL> slottype = <TEXT> | <NULL> organization = <TEXT> | <NULL> firstname = <TEXT> | <NULL> lastname = <TEXT> | <NULL> street = <TEXT> | <NULL> zip = <TEXT> | <NULL> city = <TEXT> | <NULL> country = <TEXT> | <NULL> province = <TEXT> | <NULL> jobtitle = <TEXT> | <NULL> phone = <TEXT> | <NULL> fax = <TEXT> | <NULL> email = <TEXT> | <NULL> admincontactorganization = <TEXT> | <NULL> admincontactfirstname = <TEXT> | <NULL> admincontactlastname = <TEXT> | <NULL> admincontactstreet = <TEXT> | <NULL> admincontactzip = <TEXT> | <NULL> admincontactcity = <TEXT> | <NULL> admincontactcountry = <TEXT> | <NULL> admincontactprovince = <TEXT> | <NULL> admincontactjobtitle = <TEXT> | <NULL> admincontactphone = <TEXT> | <NULL> admincontactfax = <TEXT> | <NULL> admincontactemail = <TEXT> | <NULL> techcontactorganization = <TEXT> | <NULL> techcontactfirstname = <TEXT> | <NULL> techcontactlastname = <TEXT> | <NULL> techcontactname = <TEXT> | <NULL> techcontactstreet = <TEXT> | <NULL> techcontactzip = <TEXT> | <NULL> techcontactcity = <TEXT> | <NULL> techcontactcountry = <TEXT> | <NULL> techcontactprovince = <TEXT> | <NULL> techcontactjobtitle = <TEXT> | <NULL> techcontactphone = <TEXT> | <NULL> techcontactfax = <TEXT> | <NULL> techcontactemail = <TEXT> | <NULL> billingcontactorganization = <TEXT> | <NULL> billingcontactfirstname = <TEXT> | <NULL> billingcontactlastname = <TEXT> | <NULL> billingcontactname = <TEXT> | <NULL> billingcontactstreet = <TEXT> | <NULL> billingcontactzip = <TEXT> | <NULL> billingcontactcity = <TEXT> | <NULL> billingcontactcountry = <TEXT> | <NULL> billingcontactprovince = <TEXT> | <NULL> billingcontactjobtitle = <TEXT> | <NULL> billingcontactphone = <TEXT> | <NULL> billingcontactfax = <TEXT> | <NULL> billingcontactemail = <TEXT> | <NULL>
RESPONSE
(required) code = (CODE) description = (DESCRIPTION) property[sslcertid][0] = (TEXT)
Examples
Thawte SSL certificates
Ordering a standard Thawte SSL-123 certificate
The following command shows you how to order a Thawte SSL-123 certificate.
command = CreateSSLCert sslcertclass = THAWTE_SSL123 period = 1 csr0 =-----BEGIN CERTIFICATE REQUEST----- csr1 =MIICxjCCAa4CAQAwgYAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdQcm92aWNlMQ0w csr2 =CwYDVQQHEwRDaXR5MRUwEwYDVQQKEwxFeGFtcGxlIEdtYkgxGDAWBgNVBAMTD3d3 csr3 =dy5leGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0BleGFtcGxlLmNvbTCC csr4 =ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeWGKlf6S/7ku2SxSdcxT8d csr5 =OS+zA3KWxibaKmXkh3ySBFsnKQeqRChTffilGGYUJ0YbFDrMwwkaHEbJ3UkHx2zb csr6 =MbmXCYEw31qCPm+AN1xvEW6sovzL5hnamMsichlsNrvUbh5WnVrSUo9ZUgMkqiOh csr7 =b5o649MazWMsyZ22EVM7JmmYYscc9Qzq+//ZWMpCAnoWITADsurpNZ5Yh0UkCfxY csr8 =GhBjyMeZTnzNexTCzrOGmcv0Rzbmb39+cOcCNbnavwxbBnG52fVeuqz+xkDzdnDi csr9 =vYeVckbtCTr+CmqKtBYxnItIm+PEYmhtvbHFf/9+qyNjzpRHMzSDFOGSzWCl0tEC csr10 =AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBz4iUEI/QlJUqOeYB/KF1tVbg/9hRg csr11 =WuJy740RunHWS8CF89RPhZO2bTGXPWhfXcbWBTGMdmww9B3GONYNS662Q0B1Xido csr12 =OSA4M77s41GPiIyOMf3CRU27m0ubpUNfoKwxq2Xj7drgqfBOWRKR0JpD5CugqEbG csr13 =Nc4EbNeA++/dMzQ1feeT7gQbyfncC/J1VDtSSUP1hjXfDzYwgsQ45bwcrbcuLIvr csr14 =yRGJ+XdKC4hlXG7ZtMu+OAH4RSAmRCW5RCs3JqWPmVzFAhLn2ga0U/Oxzraqbcuh csr15 =zdpHXuhFE31q0NGLNRt2gNSCa41pUyTgubM0Q5Jm5TaG8i0Or0ZxjpnY csr16 =-----END CERTIFICATE REQUEST----- serversoftware = APACHESSL organization = Example GmbH firstname = Max lastname = SSLTester street = Streetname zip = 12345 city = Testcity province = Berlin country = DE jobtitle = CEO phone = 0686545566 fax = 0686545566 email = [email protected]
Starfield SSL certificates
Ordering a Starfield Standard certificate
The following command shows you how to order a Starfield Standard certificate.
command = CreateSSLCert sslcertclass = STARFIELD_STANDARD period = 1 csr0 =-----BEGIN CERTIFICATE REQUEST----- csr1 =MIICxjCCAa4CAQAwgYAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdQcm92aWNlMQ0w csr2 =CwYDVQQHEwRDaXR5MRUwEwYDVQQKEwxFeGFtcGxlIEdtYkgxGDAWBgNVBAMTD3d3 csr3 =dy5leGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0BleGFtcGxlLmNvbTCC csr4 =ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeWGKlf6S/7ku2SxSdcxT8d csr5 =OS+zA3KWxibaKmXkh3ySBFsnKQeqRChTffilGGYUJ0YbFDrMwwkaHEbJ3UkHx2zb csr6 =MbmXCYEw31qCPm+AN1xvEW6sovzL5hnamMsichlsNrvUbh5WnVrSUo9ZUgMkqiOh csr7 =b5o649MazWMsyZ22EVM7JmmYYscc9Qzq+//ZWMpCAnoWITADsurpNZ5Yh0UkCfxY csr8 =GhBjyMeZTnzNexTCzrOGmcv0Rzbmb39+cOcCNbnavwxbBnG52fVeuqz+xkDzdnDi csr9 =vYeVckbtCTr+CmqKtBYxnItIm+PEYmhtvbHFf/9+qyNjzpRHMzSDFOGSzWCl0tEC csr10 =AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBz4iUEI/QlJUqOeYB/KF1tVbg/9hRg csr11 =WuJy740RunHWS8CF89RPhZO2bTGXPWhfXcbWBTGMdmww9B3GONYNS662Q0B1Xido csr12 =OSA4M77s41GPiIyOMf3CRU27m0ubpUNfoKwxq2Xj7drgqfBOWRKR0JpD5CugqEbG csr13 =Nc4EbNeA++/dMzQ1feeT7gQbyfncC/J1VDtSSUP1hjXfDzYwgsQ45bwcrbcuLIvr csr14 =yRGJ+XdKC4hlXG7ZtMu+OAH4RSAmRCW5RCs3JqWPmVzFAhLn2ga0U/Oxzraqbcuh csr15 =zdpHXuhFE31q0NGLNRt2gNSCa41pUyTgubM0Q5Jm5TaG8i0Or0ZxjpnY csr16 =-----END CERTIFICATE REQUEST----- serversoftware = APACHESSL organization = Example GmbH firstname = Max lastname = SSLTester street = Streetname zip = 12345 city = Testcity province = Berlin country = DE jobtitle = CEO phone = 0686545566 fax = 0686545566 email = [email protected]
Ordering a Starfield Standard Unified certificate
The following command shows you how to order a Starfield Standard Unified certificate.
command = CreateSSLCert sslcertclass = STARFIELD_STANDARD_UNIFIED period = 1 csr0 =-----BEGIN CERTIFICATE REQUEST----- csr1 =MIICxjCCAa4CAQAwgYAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdQcm92aWNlMQ0w csr2 =CwYDVQQHEwRDaXR5MRUwEwYDVQQKEwxFeGFtcGxlIEdtYkgxGDAWBgNVBAMTD3d3 csr3 =dy5leGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0BleGFtcGxlLmNvbTCC csr4 =ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeWGKlf6S/7ku2SxSdcxT8d csr5 =OS+zA3KWxibaKmXkh3ySBFsnKQeqRChTffilGGYUJ0YbFDrMwwkaHEbJ3UkHx2zb csr6 =MbmXCYEw31qCPm+AN1xvEW6sovzL5hnamMsichlsNrvUbh5WnVrSUo9ZUgMkqiOh csr7 =b5o649MazWMsyZ22EVM7JmmYYscc9Qzq+//ZWMpCAnoWITADsurpNZ5Yh0UkCfxY csr8 =GhBjyMeZTnzNexTCzrOGmcv0Rzbmb39+cOcCNbnavwxbBnG52fVeuqz+xkDzdnDi csr9 =vYeVckbtCTr+CmqKtBYxnItIm+PEYmhtvbHFf/9+qyNjzpRHMzSDFOGSzWCl0tEC csr10 =AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBz4iUEI/QlJUqOeYB/KF1tVbg/9hRg csr11 =WuJy740RunHWS8CF89RPhZO2bTGXPWhfXcbWBTGMdmww9B3GONYNS662Q0B1Xido csr12 =OSA4M77s41GPiIyOMf3CRU27m0ubpUNfoKwxq2Xj7drgqfBOWRKR0JpD5CugqEbG csr13 =Nc4EbNeA++/dMzQ1feeT7gQbyfncC/J1VDtSSUP1hjXfDzYwgsQ45bwcrbcuLIvr csr14 =yRGJ+XdKC4hlXG7ZtMu+OAH4RSAmRCW5RCs3JqWPmVzFAhLn2ga0U/Oxzraqbcuh csr15 =zdpHXuhFE31q0NGLNRt2gNSCa41pUyTgubM0Q5Jm5TaG8i0Or0ZxjpnY csr16 =-----END CERTIFICATE REQUEST----- slottype = 4 alternatecn0 = mail.example.com alternatecn1 = intranet.example.com alternatecn2 = webinterface.example.com serversoftware = APACHESSL organization = Example GmbH firstname = Max lastname = SSLTester street = Streetname zip = 12345 city = Testcity province = Berlin country = DE jobtitle = CEO phone = 0686545566 fax = 0686545566 email = [email protected]
How install a SSL certificate in your webserver
Apache
1. Copy the certificate to the directory that you designate. This is the directory in which you plan to store your certificate.
(Default: /usr/local/apache/conf/ssl.crt or /etc/httpd/conf/ssl.crt)
2. Open the httpd.conf file in a text editor.
3. Locate the secure virtual host pertaining to your order. You should have the following directives within this virtual host. Please add them if you do not.
SSLCertificateFile /usr/local/apache/conf/ssl.crt/mydomain.com.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mydomain.com.key
Only for Comodo or Starfield certificates:
SSLCertificateChainFile /usr/local/apache/conf/ssl.key/mydomain.com.ca
4. Save the changes and exit the editor.
5. Start or Restart your apache Web server.
(Default: /usr/local/apache/bin/apachectl startssl or /usr/local/apache/bin/apachectl restart).
6. Test your certificate by connecting to your server. Use the https protocol directive (e.g. https://yourserver/) to indicate you wish to use secure HTTP.
Apache 2
1. Copy the certificate to the directory that you designate. This is the directory in which you plan to store your certificate.
(Default: /usr/local/apache2/conf/ssl.crt)
2. Open the apache2.conf file in a text editor.
3. Locate the secure virtual host pertaining to your order. You should have the following directives within this virtual host. Please add them if you do not.
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/mydomain.com.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/mydomain.com.key
Only for Comodo or Stafield certificates:
SSLCertificateChainFile /usr/local/apache/conf/ssl.key/mydomain.com.ca
4. Save the changes and exit the editor.
5. Start or Restart your apache Web server.
(Default: /usr/local/apache2/bin/apachectl stop and /usr/local/apache2/bin/apachectl start).
6. Test your certificate by connecting to your server. Use the https protocol directive (e.g. https://yourserver/) to indicate you wish to use secure HTTP.
Further details can be found in the official apache documentation
Microsoft IIS
1. Select Administrative Tools.
2. Start Internet Services Manager.
3. Open the properties window for the website. You can do this by right clicking on the Default Website and selecting Properties from the menu.
4. Open Directory Security by right clicking on the Directory Security tab
5. Click Server Certificate. The following Wizard will appear:
6. Choose to Process the Pending Request and Install the Certificate. Click Next.
7. Enter the location of your SSL certificate (you may also browse to locate your IIS SSL certificate), and then click Next.
8. Read the summary screen to be sure that you are processing the correct certificate, and then click Next.
9. You will see a confirmation screen. When you have read this information, click Next.
10. You now have an IIS SSL server certificate installed.
If you need to install the Root and Intermediate certificates manually, please see manual installation of Root and Intermediate Certificates.