Posts tagged: ssl certificate

Create a Java Keystore

To create a Java keystore file, the minimum command is:

keytool -genkey -alias tomcat -keyalg RSA -keystore /keystore-location -storepass password

You can answer anything to the questions if this is just for internal, development use. Keystore location is typically ~/.keystore.

Note that this merely creates the file; it doesn’t do anything about putting certificates in it.

CaCert – Open Source Certificates

CaCert provides a free service as a Root Certificate Authority (CA).

To use the service for generating free SSL certificates, you first need to join the community and sign-up for an account.

After you’ve activated the account, log in, go to the ‘Server Certificates’ section off the main menu, click on ‘New’ and follow the instructions.

Before you use the certificates on a web site, install the CaCert root certificate in your browser. Use the ‘Class 1’ Root certificate in PEM format. In Firefox, just click on the PEM link, and accept the security exception. This is the only time you should need to do this. Thereafter, any certificate signed by CaCert will be accepted as a legal certificate.

Note that you would have to do this with any CA root certificate, if a number of them did not come pre-installed in your browser. To see all of your certificates in Firefox, go to Preferences > Advanced > Encryption > View Certificates > Authorities and Preferences > Advanced > Encryption > View Certificates > Servers.

See also Installing an SSL Certificate on Apache 2 and How to generate a Certificate Signing Request (CSR) for related information.

Installing an SSL Certificate on Apache 2

  • First, create a Certificate Signing Request (CSR) and submit it to a CA to get a signed Certificate
  • In $APACHE2_HOME/conf/httpd.conf, ensure that the line Include conf/extra/httpd-ssl.conf is not commented out
  • In $APACHE2_HOME/conf/extra/httpd-ssl.conf make the following changes at a minimum:
    • Download the signed certificate (typically .crt) and key file (typically .key) to somewhere in the $APACHE2_HOME/conf structure – e.g. $APACHE2_HOME/conf/ssl
    • Change the line ServerName www.example.com:443 to reflect the real domain name used in the CSR
    • Change the line SSLCertificateFile "/usr/local/apache2/conf/server.crt" to reflect the true location of the signed certificate file
    • Change the line SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" to reflect the true location of the server key file
    • If you were supplied a CA certificate chain, change the lines SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt" and possibly SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt". At a minimum, you should read the comments in httpd-ssl.conf for further information.
  • Restart the server – you should now be able to access https://yourdomain.com.

See also CaCert – Open Source Certificates

Unencrypt an SSL certificate

This is the easiest way to remove a password from a key after it has been generated with one:

openssl rsa -in server.key.cryp -out server.key
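
Before restarting Apache with a key whose password has been removed, it is worth checking that the key matches the signed certificate and that the now-unprotected key file is not accessible to other users. The script below is an added example, not part of the original posts; it assumes openssl is on the PATH, and the function name check_cert_key, the script name and the exit codes are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): sanity checks to run before
# restarting Apache with a new certificate and an unencrypted private key.
# Return codes: 0 ok, 1 cert/key mismatch, 2 unreadable certificate,
# 3 key unreadable or still passphrase-protected, 4 key accessible to others.

check_cert_key() {
    cert=$1
    key=$2

    # Public key embedded in the signed certificate (SubjectPublicKeyInfo PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2
        return 2
    }

    # Public key derived from the private key. "-passin pass:" supplies an
    # empty passphrase, so an encrypted key fails here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "cannot read key (missing, malformed or still encrypted): $key" >&2
        return 3
    }

    # A mismatch means the certificate was issued for a different key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2
        return 1
    fi

    # With the passphrase removed, file permissions are the key's only
    # protection: require that group and other have no access bits set.
    case $(ls -ldL "$key") in
        -???------*) ;;
        *) echo "key is accessible to group/other: $key" >&2
           return 4 ;;
    esac

    echo "ok: $cert matches $key"
}

# Usage (hypothetical script name): sh check_cert_key.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    check_cert_key "$1" "$2"
fi
```

Run it against the files that SSLCertificateFile and SSLCertificateKeyFile point to; exit code 4 is cleared by tightening the key file's mode, for example with chmod 600.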
