ispCP - Board - Support - VHCS fork

ispCP - Board - Support - VHCS fork > ispCP Omega Contributions Area > Howtos > [HowTo] Create your own SSL CA and secure multiple services
Full Version: [HowTo] Create your own SSL CA and secure multiple services
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

rsmithgs

04-03-2008, 04:59 AM
http://www.cacert.org/

Dont quite know how reconised the certificates are though.

Think some dedicated server providers do free SSL certs with packages. But they have to remain with that server.

DaSilva

04-03-2008, 06:01 AM
This cacert gives me a free certificate after the successful test or what?

rsmithgs

04-03-2008, 06:20 AM
Dunno.

I would try and check to see what percentage of browsers will see the certificate as a valid one. Otherwise your back to square one.

Edit : Found this on the site

(*) Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).

Which would be the same for your self signed certificates.

Though by spreading CAcerts instead of your self signed ones you are helping the spread of the CAcert Root certificate

DaSilva

04-04-2008, 06:49 PM
I know have a certificate from StartSSL but I don't know how to implement it to my server because I only have a *.crt , a *.csr and a *.key file but no *.pem .
How can I use this now?
Thanks.

rsmithgs

04-04-2008, 07:06 PM
DaSilva Wrote:I know have a certificate from StartSSL but I don't know how to implement it to my server because I only have a *.crt , a *.csr and a *.key file but no *.pem .
How can I use this now?
Thanks.

I think you can copy your *.crt and rename the copy *.pem

Cube

04-04-2008, 08:14 PM
But StartSSL is not trusted as well as far as I see.

rsmithgs

04-04-2008, 08:46 PM
Cube Wrote:But StartSSL is not trusted as well as far as I see.

That does look like the case.

If you do not want the certificate errors to appear in the web browser and are looking to get a certificate for free you will need to get the clients to install your certificate on the PC they are using. TO get a reconised certificate you will need to pay money.

fulltilt

05-20-2008, 03:28 AM
error by certificate generation

if i use:
Code:
openssl genrsa -out apache.key.pem -rand private/.rand 2048
openssl req -new -key apache.key.pem -out apache.req.pem
openssl ca -name RootCA -in apache.req.pem -out apache.cert.pem

i get this error in last step openssl ca:
Code:
Using configuration from /usr/lib/ssl/openssl.cnf
variable lookup failed for RootCA::private_key
21745:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=RootCA name=private_key
Pages: 1 2
ispCP - Board - Support - VHCS fork > ispCP Omega Contributions Area > Howtos > [HowTo] Create your own SSL CA and secure multiple services
Reference URL's