Personal tools

From HEXONET Wiki

Revision as of 18:33, 26 March 2014 by WikiAdmin (Talk | contribs)

Jump to: navigation, search

Creating a SSL certificate

Before creating a SSL certificate you first have to create a CSR file. When creating a CSR file, please note that only the following local parts of the email adresse are allowed: admin, administrator, hostmaster, postmaster, root, webmaster should be used for the certificate registration.

A documentation on howto create a CSR-file can be found here: How to create a CSR-file

For a basic CreateSSLCert command only a few parameters are required (Requirements for the CreateSSLCert command can be different for specific SSLCERT products.).

Please have a look at the SSLCERT API-Manual for a current list of allowed parameters.

All available parameters:

(required)
command = CreateSSLCert
sslcertclass = <TEXT>
period = <INT>

sslcertdomain = <TEXT> | <NULL>
csr# = <TEXT> | <NULL>
serversoftware = APACHESSL | APACHESSLEAY | APACHE2 | IIS
alternatecn# = <TEXT> | <NULL>
slottype = <TEXT> | <NULL>

organization = <TEXT> | <NULL>
firstname = <TEXT> | <NULL>
lastname = <TEXT> | <NULL>
street = <TEXT> | <NULL>
zip = <TEXT> | <NULL>
city = <TEXT> | <NULL>
country = <TEXT> | <NULL>
province = <TEXT> | <NULL>
jobtitle = <TEXT> | <NULL>
phone = <TEXT> | <NULL>
fax = <TEXT> | <NULL>
email = <TEXT> | <NULL>

admincontactorganization = <TEXT> | <NULL>
admincontactfirstname = <TEXT> | <NULL>
admincontactlastname = <TEXT> | <NULL>
admincontactstreet = <TEXT> | <NULL>
admincontactzip = <TEXT> | <NULL>
admincontactcity = <TEXT> | <NULL>
admincontactcountry = <TEXT> | <NULL>
admincontactprovince = <TEXT> | <NULL>
admincontactjobtitle = <TEXT> | <NULL>
admincontactphone = <TEXT> | <NULL>
admincontactfax = <TEXT> | <NULL>
admincontactemail = <TEXT> | <NULL>

techcontactorganization = <TEXT> | <NULL>
techcontactfirstname = <TEXT> | <NULL>
techcontactlastname = <TEXT> | <NULL>
techcontactname = <TEXT> | <NULL>
techcontactstreet = <TEXT> | <NULL>
techcontactzip = <TEXT> | <NULL>
techcontactcity = <TEXT> | <NULL>
techcontactcountry = <TEXT> | <NULL>
techcontactprovince = <TEXT> | <NULL>
techcontactjobtitle = <TEXT> | <NULL>
techcontactphone = <TEXT> | <NULL>
techcontactfax = <TEXT> | <NULL>
techcontactemail = <TEXT> | <NULL>

billingcontactorganization = <TEXT> | <NULL>
billingcontactfirstname = <TEXT> | <NULL>
billingcontactlastname = <TEXT> | <NULL>
billingcontactname = <TEXT> | <NULL>
billingcontactstreet = <TEXT> | <NULL>
billingcontactzip = <TEXT> | <NULL>
billingcontactcity = <TEXT> | <NULL>
billingcontactcountry = <TEXT> | <NULL>
billingcontactprovince = <TEXT> | <NULL>
billingcontactjobtitle = <TEXT> | <NULL>
billingcontactphone = <TEXT> | <NULL>
billingcontactfax = <TEXT> | <NULL>
billingcontactemail = <TEXT> | <NULL>

RESPONSE

(required)
code        = (CODE)
description = (DESCRIPTION)
property[sslcertid][0] = (TEXT)

Examples

Thawte SSL certificates

Ordering a standard Thawte SSL-123 certificate

The following command shows you how to order a Thawte SSL-123 certificate.

command = CreateSSLCert
sslcertclass =  THAWTE_SSL123
period = 1
csr0 =-----BEGIN CERTIFICATE REQUEST-----
csr1 =MIICxjCCAa4CAQAwgYAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdQcm92aWNlMQ0w
csr2 =CwYDVQQHEwRDaXR5MRUwEwYDVQQKEwxFeGFtcGxlIEdtYkgxGDAWBgNVBAMTD3d3
csr3 =dy5leGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0BleGFtcGxlLmNvbTCC
csr4 =ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeWGKlf6S/7ku2SxSdcxT8d
csr5 =OS+zA3KWxibaKmXkh3ySBFsnKQeqRChTffilGGYUJ0YbFDrMwwkaHEbJ3UkHx2zb
csr6 =MbmXCYEw31qCPm+AN1xvEW6sovzL5hnamMsichlsNrvUbh5WnVrSUo9ZUgMkqiOh
csr7 =b5o649MazWMsyZ22EVM7JmmYYscc9Qzq+//ZWMpCAnoWITADsurpNZ5Yh0UkCfxY
csr8 =GhBjyMeZTnzNexTCzrOGmcv0Rzbmb39+cOcCNbnavwxbBnG52fVeuqz+xkDzdnDi
csr9 =vYeVckbtCTr+CmqKtBYxnItIm+PEYmhtvbHFf/9+qyNjzpRHMzSDFOGSzWCl0tEC
csr10 =AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBz4iUEI/QlJUqOeYB/KF1tVbg/9hRg
csr11 =WuJy740RunHWS8CF89RPhZO2bTGXPWhfXcbWBTGMdmww9B3GONYNS662Q0B1Xido
csr12 =OSA4M77s41GPiIyOMf3CRU27m0ubpUNfoKwxq2Xj7drgqfBOWRKR0JpD5CugqEbG
csr13 =Nc4EbNeA++/dMzQ1feeT7gQbyfncC/J1VDtSSUP1hjXfDzYwgsQ45bwcrbcuLIvr
csr14 =yRGJ+XdKC4hlXG7ZtMu+OAH4RSAmRCW5RCs3JqWPmVzFAhLn2ga0U/Oxzraqbcuh
csr15 =zdpHXuhFE31q0NGLNRt2gNSCa41pUyTgubM0Q5Jm5TaG8i0Or0ZxjpnY
csr16 =-----END CERTIFICATE REQUEST-----
serversoftware = APACHESSL
organization = Example GmbH
firstname = Max
lastname = SSLTester
street = Streetname
zip = 12345
city =  Testcity
province = Berlin
country = DE
jobtitle = CEO
phone = 0686545566
fax = 0686545566
email = [email protected]

Starfield SSL certificates

Ordering a Starfield Standard certificate

The following command shows you how to order a Starfield Standard certificate.

command = CreateSSLCert
sslcertclass = STARFIELD_STANDARD
period = 1
csr0 =-----BEGIN CERTIFICATE REQUEST-----
csr1 =MIICxjCCAa4CAQAwgYAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdQcm92aWNlMQ0w
csr2 =CwYDVQQHEwRDaXR5MRUwEwYDVQQKEwxFeGFtcGxlIEdtYkgxGDAWBgNVBAMTD3d3
csr3 =dy5leGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0BleGFtcGxlLmNvbTCC
csr4 =ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeWGKlf6S/7ku2SxSdcxT8d
csr5 =OS+zA3KWxibaKmXkh3ySBFsnKQeqRChTffilGGYUJ0YbFDrMwwkaHEbJ3UkHx2zb
csr6 =MbmXCYEw31qCPm+AN1xvEW6sovzL5hnamMsichlsNrvUbh5WnVrSUo9ZUgMkqiOh
csr7 =b5o649MazWMsyZ22EVM7JmmYYscc9Qzq+//ZWMpCAnoWITADsurpNZ5Yh0UkCfxY
csr8 =GhBjyMeZTnzNexTCzrOGmcv0Rzbmb39+cOcCNbnavwxbBnG52fVeuqz+xkDzdnDi
csr9 =vYeVckbtCTr+CmqKtBYxnItIm+PEYmhtvbHFf/9+qyNjzpRHMzSDFOGSzWCl0tEC
csr10 =AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBz4iUEI/QlJUqOeYB/KF1tVbg/9hRg
csr11 =WuJy740RunHWS8CF89RPhZO2bTGXPWhfXcbWBTGMdmww9B3GONYNS662Q0B1Xido
csr12 =OSA4M77s41GPiIyOMf3CRU27m0ubpUNfoKwxq2Xj7drgqfBOWRKR0JpD5CugqEbG
csr13 =Nc4EbNeA++/dMzQ1feeT7gQbyfncC/J1VDtSSUP1hjXfDzYwgsQ45bwcrbcuLIvr
csr14 =yRGJ+XdKC4hlXG7ZtMu+OAH4RSAmRCW5RCs3JqWPmVzFAhLn2ga0U/Oxzraqbcuh
csr15 =zdpHXuhFE31q0NGLNRt2gNSCa41pUyTgubM0Q5Jm5TaG8i0Or0ZxjpnY
csr16 =-----END CERTIFICATE REQUEST-----
serversoftware = APACHESSL
organization = Example GmbH
firstname = Max
lastname = SSLTester
street = Streetname
zip = 12345
city =  Testcity
province = Berlin
country = DE
jobtitle = CEO
phone = 0686545566
fax = 0686545566
email = [email protected]

Ordering a Starfield Standard Unified certificate

The following command shows you how to order a Starfield Standard Unified certificate.

command = CreateSSLCert
sslcertclass = STARFIELD_STANDARD_UNIFIED
period = 1
csr0 =-----BEGIN CERTIFICATE REQUEST-----
csr1 =MIICxjCCAa4CAQAwgYAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdQcm92aWNlMQ0w
csr2 =CwYDVQQHEwRDaXR5MRUwEwYDVQQKEwxFeGFtcGxlIEdtYkgxGDAWBgNVBAMTD3d3
csr3 =dy5leGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0BleGFtcGxlLmNvbTCC
csr4 =ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeWGKlf6S/7ku2SxSdcxT8d
csr5 =OS+zA3KWxibaKmXkh3ySBFsnKQeqRChTffilGGYUJ0YbFDrMwwkaHEbJ3UkHx2zb
csr6 =MbmXCYEw31qCPm+AN1xvEW6sovzL5hnamMsichlsNrvUbh5WnVrSUo9ZUgMkqiOh
csr7 =b5o649MazWMsyZ22EVM7JmmYYscc9Qzq+//ZWMpCAnoWITADsurpNZ5Yh0UkCfxY
csr8 =GhBjyMeZTnzNexTCzrOGmcv0Rzbmb39+cOcCNbnavwxbBnG52fVeuqz+xkDzdnDi
csr9 =vYeVckbtCTr+CmqKtBYxnItIm+PEYmhtvbHFf/9+qyNjzpRHMzSDFOGSzWCl0tEC
csr10 =AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBz4iUEI/QlJUqOeYB/KF1tVbg/9hRg
csr11 =WuJy740RunHWS8CF89RPhZO2bTGXPWhfXcbWBTGMdmww9B3GONYNS662Q0B1Xido
csr12 =OSA4M77s41GPiIyOMf3CRU27m0ubpUNfoKwxq2Xj7drgqfBOWRKR0JpD5CugqEbG
csr13 =Nc4EbNeA++/dMzQ1feeT7gQbyfncC/J1VDtSSUP1hjXfDzYwgsQ45bwcrbcuLIvr
csr14 =yRGJ+XdKC4hlXG7ZtMu+OAH4RSAmRCW5RCs3JqWPmVzFAhLn2ga0U/Oxzraqbcuh
csr15 =zdpHXuhFE31q0NGLNRt2gNSCa41pUyTgubM0Q5Jm5TaG8i0Or0ZxjpnY
csr16 =-----END CERTIFICATE REQUEST-----
slottype = 4
alternatecn0 = mail.example.com
alternatecn1 = intranet.example.com
alternatecn2 = webinterface.example.com
serversoftware = APACHESSL
organization = Example GmbH
firstname = Max
lastname = SSLTester
street = Streetname
zip = 12345
city =  Testcity
province = Berlin
country = DE
jobtitle = CEO
phone = 0686545566
fax = 0686545566
email = [email protected]


How install a SSL certificate in your webserver

Apache

1. Copy the certificate to the directory that you designate. This is the directory in which you plan to store your certificate.
(Default: /usr/local/apache/conf/ssl.crt or /etc/httpd/conf/ssl.crt)

2. Open the httpd.conf file in a text editor.

3. Locate the secure virtual host pertaining to your order. You should have the following directives within this virtual host. Please add them if you do not.

SSLCertificateFile /usr/local/apache/conf/ssl.crt/mydomain.com.crt 
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mydomain.com.key

Only for Comodo or Starfield certificates:

SSLCertificateChainFile /usr/local/apache/conf/ssl.key/mydomain.com.ca

4. Save the changes and exit the editor.

5. Start or Restart your apache Web server.
(Default: /usr/local/apache/bin/apachectl startssl or /usr/local/apache/bin/apachectl restart).

6. Test your certificate by connecting to your server. Use the https protocol directive (e.g. https://yourserver/) to indicate you wish to use secure HTTP.

IMPORTANT: Please note that depending on your operating system the location of the webservers configuration files can be different.


Apache 2

1. Copy the certificate to the directory that you designate. This is the directory in which you plan to store your certificate.
(Default: /usr/local/apache2/conf/ssl.crt)

2. Open the apache2.conf file in a text editor.

3. Locate the secure virtual host pertaining to your order. You should have the following directives within this virtual host. Please add them if you do not.

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/mydomain.com.crt 
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/mydomain.com.key

Only for Comodo or Stafield certificates:

SSLCertificateChainFile /usr/local/apache/conf/ssl.key/mydomain.com.ca

4. Save the changes and exit the editor.

5. Start or Restart your apache Web server.
(Default: /usr/local/apache2/bin/apachectl stop and /usr/local/apache2/bin/apachectl start).

6. Test your certificate by connecting to your server. Use the https protocol directive (e.g. https://yourserver/) to indicate you wish to use secure HTTP.

Further details can be found in the official apache documentation

IMPORTANT: Please note that depending on your operating system the location of the webservers configuration files can be different.



Microsoft IIS

1. Select Administrative Tools.

2. Start Internet Services Manager.

Iis csr1.jpg

3. Open the properties window for the website. You can do this by right clicking on the Default Website and selecting Properties from the menu.

4. Open Directory Security by right clicking on the Directory Security tab

Iis csr2.jpg


5. Click Server Certificate. The following Wizard will appear:

Iis3.jpg


6. Choose to Process the Pending Request and Install the Certificate. Click Next.

7. Enter the location of your SSL certificate (you may also browse to locate your IIS SSL certificate), and then click Next.

8. Read the summary screen to be sure that you are processing the correct certificate, and then click Next.

9. You will see a confirmation screen. When you have read this information, click Next.

10. You now have an IIS SSL server certificate installed.

IMPORTANT: You must now restart the computer to complete the install


If you need to install the Root and Intermediate certificates manually, please see manual installation of Root and Intermediate Certificates.