December 18th, 2005, 06:56 PM
SSL certificates and private keys
I have only ever used SSL to access my Sourceforge.net projects and upload data, but now I would like to use it for my web server. Bluehost provide my hosting, and I have attached an image of their graphical configuration for modssl (in both the KEY and CRT links, you are requested to upload the respective file).
Now, I'm not really sure about the private keys and the certificates. How do I generate them? You see, I would like to access the server to upload a server-side script, but I need to configure the certificates and keys before I am allowed to (and I don't know how to do this). Any help would be appreciated, because the method described on TLDP seems a bit long.
Thanks in advance,
December 18th, 2005, 07:49 PM
December 18th, 2005, 11:16 PM
The Apache Foundation has a wonderful page on the generation of SSL keys and certificate signing requests. I'll describe it briefly here.
First, you generate a key for your server. A Certificate Signing Request is then generated for that key. That CSR is then sent to a Certificate Authority (in this case your web hoster), who then generates a certificate from that CSR, which will confirm that your key is valid. In effect, you are having the key signed by the signing authority without actually sending them the key.
You will need to generate your own key for your server, then generate a Certificate Signing Request for it. At that point you send the CSR to your host, and there will somewhere be an option to have that CSR signed. The server will need both the key you generated and the certificate returned by your host to serve encrypted web pages.
Apache's FAQ on the subject is my de facto reference when generating new keys. It can be found at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html, and is much more concise and to the point than the howto on TLDP.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError
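The key, CSR and certificate sequence described in the post above, as an added example using the openssl command line (not code from any poster in this thread or from the Apache FAQ). The host name www.example.com, the file names and the function names are placeholders, and the self-signing step only stands in for the certificate that the signing authority would return.

```shell
#!/bin/sh
# Added example: key -> CSR -> certificate, then check that they belong together.
# File names, function names and www.example.com are placeholders (assumptions).

# Step 1 and 2: generate a 2048-bit RSA private key in directory $1 and a CSR
# for common name $2. Only server.csr is sent to the signing authority.
make_key_and_csr() {
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
}

# Stand-in for the signing step: sign the CSR with its own key so the example
# runs offline. In practice server.crt is whatever the authority sends back.
self_sign_csr() {
    openssl x509 -req -days 30 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Print a SHA-256 digest of the RSA modulus of file $2.
# $1 is the openssl subcommand that reads it: rsa (key), req (CSR) or x509 (cert).
# Fails if the file is missing or unreadable, so two failures never "match".
modulus_digest() {
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl dgst -sha256
}

# Succeed only if private key $1 carries the same modulus as the CSR or
# certificate $3 (read with subcommand $2: req or x509).
key_matches() {
    a=$(modulus_digest rsa "$1") || return 1
    b=$(modulus_digest "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# Typical use:
#   make_key_and_csr . www.example.com
#   ...send server.csr for signing, save the reply as server.crt...
#   key_matches server.key x509 server.crt && echo "key and certificate match"
```

A mismatch here means the web server would be given a certificate that was issued for a different key, which is worth checking before uploading the KEY and CRT files.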
December 19th, 2005, 12:41 AM
Thanks both of you for those links (and especially for that little briefing, Striek!) - I'm going to read them now to understand it a bit better. I'll post if I have any problems.
December 19th, 2005, 01:56 AM
BlueHost has really good technical support. I've used mod_ssl before, but not through their graphical web site management tool (cpanel). I'd suggest you contact their support with some questions on specifically what you need; I bet they'd be pretty responsive.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore