Re: [apache-ssl] Verisign procedures for obtaining certificate

[Adam Laurie <adam@algroup.co.uk>]

Darn. One day I'll learn to read the *whole* message before replying...
:)

OK, if you're trying to get your shiny new cert to work with apache-ssl,
all you need to do is add the following to your config:

SSLCertificateFile /path/to/your/new.verisign.cert
SSLCertificateKeyFile /path/to/your/key.that.you.signed.the.request.with

and possibly (depending on what version you're running):

SSLCACertificateFile /a/dummy/entry/because/of/a/bug/in/1.17

cheers,
Adam


Adam Laurie wrote:
> 
> if you want to examine the cert, use:
> 
> ssleay x509 -text -in your.cert
> 
> If you want to generate a linked hash, do:
> 
> ln -s your.cert `ssleay x509 -noout -hash < your.cert`.0
> 
> cheers,
> Adam
> 
> Todd B. Acheson wrote:
> >
> > I am attempting to get a verisign certificate.
> >
> > I received instructions (included below)  from verisgin and I generated
> > a CSR and received a certificate.
> >
> > However I cannot find the "getca" or "getversign" programs or commands
> > that they reference to extract the Server ID.  I have SSLeay 0.81 and
> > 0.90b.
> >
> > Verisign is no help in the matter.
> >
> > -----
> > 1. VeriSign will have sent you a certificate in the mail. This  will look
> > something like the following:
> >       -----BEGIN CERTIFICATE-----
> >       JIEBSDSCEXoCHQEwLQMJSoZILvoNVQECSQAwcSETMRkOAMUTBhMuVrM
> >       mIoAnBdNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQ
> >       QLExNQZXJzb25hIENlcnRpZmljYXRlMSQwIgYDVQQDExtPcGVuIE1hc
> >       mtldCBUZXN0IFNlcnZlciAxMTAwHhcNOTUwNzE5MjAyNzMwWhcNOTYw
> >       NTE0MjAyOTEwWjBzMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIER
> >       hdGEgU2VjdXJpdHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydG
> >       lmaWNhdGUxJDAiBgNVBAMTG09wZW4gTWFya2V0IFRlc3QgU2VydmVyI
> >       DExMDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDU/7lrgR6vkVNX40BA
> >       q1poGdSmGkD1iN3sEPfSTGxNJXY58XH3JoZ4nrF7mIfvpghNi1taYim
> >       vhbBPNqYe4yLPAgMBAAEwDQYJKoZIhvcNAQECBQADQQBqyCpws9EaAj
> >       KKAefuNP+z+8NY8khckgyHN2LLpfhv+iP8m+bF66HNDUlFz8ZrVOu3W QapgL
> >       PV90kIskNKXX3a
> >    ------END CERTIFICATE-----
> > 1. Copy the entire certificate, including the begin certificate and end
> > certificate lines into a text editor such as Notepad (do not use Word or
> > another word processing program.) Make sure that the certificate appears as
> > formatted above. In other words, make sure that the begin certificate and
> > end certificate lines are by themselves.
> > 2. Secure Server ID PRIVACY-ENHANCED message to a temporary file, such as
> > /tmp/cert.tmp.
> > 3. Run getca and specify both the name of the server that owns the ID and
> > the name of the temporary certificate file. For example: # getca hostname <
> > /tmp/cert.tmp
> > 4. In some versions of SSLEAY, you should use the command getversign instead
> > of getca
> > 5. This saves the Secure Server ID to the file SSLTOP/certs/hostname.cert
> > 6. Remove the temporary file. For example: # rm/tmp/cert.tmp
> > 7. Restart the server.
> >
> > ----------------------
> > Todd Acheson
> > 740 593-0034
> >
> > acheson@ohiou.edu
> 
> --
> Adam Laurie                   Tel: +44 (181) 742 0755
> A.L. Digital Ltd.             Fax: +44 (181) 742 5995
> Voysey House
> Barley Mow Passage            http://www.aldigital.co.uk
> London W4 4GB                 mailto:adam@algroup.co.uk
> UNITED KINGDOM                PGP key on keyservers

--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House                  
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers