SSL certificates and private keys
Results 1 to 5 of 5

Thread: SSL certificates and private keys

  1. #1
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548

    SSL certificates and private keys

    Hi,

    I have only ever used SSL to access my Sourceforge.net projects and upload data, but now I would like to use it for my web server. Bluehost provide my hosting, and I have attached an image of their graphical configuration for modssl (in both the KEY and CRT links, you are requested to upload the respective file).

    Now, I'm not really sure about the private keys and the certificates. How do I generate them? You see, I would like to access the server to upload a server-side script, but I need to configure the certificates and keys before I am allowe to (and I don't know how to do this). Any help would be appreciated, because the method described on TLDP seems a bit long.

    Thanks in advance,

    J_K9
    TAZForum <---- click

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    i am not good on this yet but to generate key for ssh you can
    http://www.gideonsoftworks.com/SSHHO...H-HOWTO-1.html
    http://www.csua.berkeley.edu/ssh-howto.html

    and here a little about SSL
    http://www.openssl.org/docs/HOWTO/keys.txt
    // too far away outside of limit

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    The Apache Foundation has a wonderful page on the generation of SSL keys and certificate signing requests. I'll describe it briefly here.

    First, you generate a key for your server. A Certificate Signing Request is then generated for that key. That CSR is then sent to a Certificate Authority (in this case your web hoster), who then generates a certificate from that CSR, which will confirm that your key is valid. In effect, you are having the key signed by the signing authority without actually sending them the key.

    You will need to generate your own key for your server, then generate a Certificate Signing Request for it. At that point you send the CSR to your host, and there will somewhere be an option to have that CSR signed. The server will need both the key you generated and the certificate returned by your host to serve encrypted web pages.

    Apache's FAQ on the subject is my de facto reference when generating new keys. It can be found at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html, and is much more concise and to the point then the howto on TLDP.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Thanks both of you for those links (and especially for that little briefing, Striek!) - I'm going to read them now to understand it a bit better. I'll post if I have any problems.

    Thanks again!
    TAZForum <---- click

  5. #5
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    BlueHost has really good technical support. I've used mod_ssl before, but not through their graphical web site management tool (cpanel). I'd suggest you contact their support with some questions on specifically what you need; I bet they'd be pretty responsive.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •