Requirements.
STEP 1- Generate the RSA key-pair for a user/server
STEP 2- Generate a certificate request
STEP 3- Install the certificate.
Reference
Requirements:
The latest version of both ApacheSSL (compiled against the latest version of OpenSSL) and OpenSSL.
STEP 1- Generate the RSA key-pair for a user/server
Use this command to generate the RSA key pair
User% openssl genrsa -des3 -out user.key
Parameters
- genrsa: The openssl component that generates an RSA key pair.
- -des3: The symmetric algorithm used to encrypt the key pair.
- -out user.key: The filename in which to store the key pair.
This creates an RSA key pair stored in the file user.key. The key pair is encrypted with 3DES using a passphrase supplied by the user during key generation. If you want to avoid a passphrase and are sure that your machine is secure, you can leave the "-des3" option out of the key generation command. If you do use a passphrase, note that it will be required every time the private key is accessed, and that if the passphrase is lost, a new key pair will have to be generated.
STEP 2- Generate a certificate request
Generate a certificate request with this command. The resulting CSR is submitted (including the BEGIN NEW CERTIFICATE REQUEST and END NEW CERTIFICATE REQUEST lines) to Comtrust when applying for the server certificate at http://www.comtrust.co.ae/PKIForms/serverenroll.htm. A reference number is provided for downloading the approved certificate.
User% openssl req -new -key user.key -out user.csr
Parameters
- req: The openssl component that generates a certificate request.
- -new: This is a new certificate request.
- -key user.key: The key pair file to be used.
- -out user.csr: The filename to which the new certificate request will be written.
STEP 3- Install the certificate
The approved certificate can be downloaded at http://www.comtrust.co.ae/PKIForms/serverenroll.htm by entering the reference number provided at the time of applying for the certificate. A text file will be generated and displayed in the browser as shown below.
Copy all of the content, paste it into a text file and save it; this file is your server certificate. Now perform the following steps.
Copy the text between BEGIN and END of each of the following parts of the certificate and save them together in a single file named "certca.crt". These parts form the certification trust chain.
- Titled Common Name: GTE CyberTrust Root
- Titled Common Name: Comtrust Root Certificate Authority
- Titled Common Name: Comtrust Server Certificate Authority
Copy the text between BEGIN and END of the fourth part (titled Common Name: www.abc.com) and save it in a separate file called "cert.crt".
Note: Every part of the chain is needed to define the trusted path. If these parts are not installed, clients will see a warning message whenever they access the web server.
The Apache-SSL directives you need in order to use the resulting certificate are:
- SSLCertificateFile /path/to/certs/user.crt (your server certificate, the file saved above as "cert.crt"; adjust the path to match the name you used)
- SSLCertificateKeyFile /path/to/certs/user.key (your private key, to be installed as per the ApacheSSL instructions)
- SSLCertificateChainFile /path/to/certs/certca.crt (the trust chain saved as "certca.crt")
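The script below is an added example and not part of the Comtrust guide: it runs Step 1 and Step 2 non-interactively, signs the CSR with a throwaway self-signed root that stands in for the CA, and then performs the checks worth running on user.key, cert.crt and certca.crt before editing the directives above, namely that the key really belongs to the certificate and that the certificate validates against the chain file. It assumes an openssl binary on PATH; the -nodes, -subj, 2048 and "Test Root CA" values are assumptions made so the run needs no prompts.

```shell
#!/bin/sh
# Added example, not from the Comtrust guide. Assumes an openssl binary on PATH.
set -e

# Step 1 + Step 2 from the guide. -nodes skips the -des3 passphrase (the
# guide's "machine is secure" case); -subj replaces the interactive prompts.
make_key_and_csr() {
  dir=$1; cn=$2
  openssl genrsa -out "$dir/user.key" 2048 2>/dev/null
  openssl req -new -key "$dir/user.key" -subj "/CN=$cn" \
    -out "$dir/user.csr" 2>/dev/null
}

# Stand-in for the CA: a self-signed root (certca.crt) that signs the CSR into
# cert.crt. Only here so the checks below have real files to run against.
sign_with_test_ca() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test Root CA" \
    -keyout "$dir/ca.key" -out "$dir/certca.crt" 2>/dev/null
  openssl x509 -req -in "$dir/user.csr" -CA "$dir/certca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -days 1 -out "$dir/cert.crt" 2>/dev/null
}

# Check 1: the key named by SSLCertificateKeyFile must belong to the cert
# named by SSLCertificateFile. A matching pair prints the same RSA modulus.
key_matches_cert() {
  k=$(openssl rsa -noout -modulus -in "$1")
  c=$(openssl x509 -noout -modulus -in "$2")
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Check 2: cert.crt must validate against the trust chain in certca.crt; if
# this fails, browsers show the warning the guide's note describes.
chain_verifies() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 3: number of PEM blocks in the chain file. For a real install the
# guide expects three (GTE CyberTrust root, Comtrust root, Comtrust server CA).
cert_count() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}
```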
Reference:
The Open-source PKI Book: A Guide to PKIs and Open-source Implementations. Symeon (Simos) Xenitellis, OpenCA Team. Copyright © 1999, 2000 by Symeon (Simos) Xenitellis.
http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm