# Citadel SSL Certificate How-to Guide

For Mandriva Linux 2009

## Scope

This guide briefly explains how to create and install a Godaddy SSL certificate for Citadel.

You could get a free (1 year) certificate from RapidSSL, but that only worked once for me - their wizards are really bad. So I gave up and bought one from Godaddy, but their certs are chained and need to be installed the right way. Hence this little guide to get past the two gotchas.

## Key File Location

The /usr/local/citadel/keys directory contains three files:

- citadel.key: the private key
- citadel.csr: the certificate signing request
- citadel.cer: the signed or self-signed certificate (plus any chained certificates)

## Generate a new Key

While inside the keys directory, run the following command:

```
openssl genrsa -out citadel.key 2048
```

## Generate a Certificate Request

Generate a Certificate Signing Request based on that key:

```
openssl req -new -key citadel.key -out citadel.csr
```

Answer all of the prompts accurately. Observe all of the rules followed by your certificate authority for the distinguished name (DN) of your certificate. For example, the Common Name (CN) must be equivalent to the fully qualified domain name of your server (mail.aeronetworks.ca). If you live in the United States, you must also use the full name of the state that you live in, rather than its abbreviation.

Now go to Godaddy and wade through all their special requests and additional sales crud and order your certificate. You simply paste the contents of citadel.csr into the wizard (less citadel.csr, highlight, middle-click).

## Verification

Godaddy never manages to auto-verify my who-is data even though it is all in the clear. So after a few minutes they will send an email with a special code to use in a DNS CNAME record to prove that I have control over my own domain.

In file /var/named/zone/db.aeronetworks.ca:

```
gP78Xz12.aeronetworks.ca. IN CNAME mail.aeronetworks.ca.
```

Head back to Godaddy and click the line to verify the CNAME code.

In a little while you will receive an email with a link to the certificate package.

## Download and Install the Certificate Package

Here is the first gotcha: Select Apache as the server type. The certificate package will then contain two certificates, one for mail.aeronetworks.ca and one chained certificate for Godaddy.

Here is the second gotcha: Copy and paste the two certificates below each other into the file /usr/local/citadel/keys/citadel.cer and it should immediately work.
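The two gotchas above can be checked before restarting Citadel. The following is an added example, not part of the original guide: it confirms that the first certificate in citadel.cer belongs to citadel.key and that the chained certificate comes second. The function names, the throwaway CA and the host name mail.example.test are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sanity-check a Citadel key / chained-certificate pair.
# Print "ok" if the first certificate in the bundle carries this key's public key.
key_matches_cert() {  # $1 = private key, $2 = certificate bundle
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || { echo "bad-key"; return 1; }
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || { echo "bad-cert"; return 1; }
    [ "$k" = "$c" ] && echo "ok" || { echo "mismatch"; return 1; }
}

# Print the Nth (1-based) PEM certificate found in a bundle.
nth_cert() {  # $1 = bundle, $2 = index
    awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ {i++} i==n {print}' "$1"
}

# Print "ok" if certificate 1 (server) names certificate 2 (chained cert) as issuer.
# This compares name hashes only; it does not verify the signature.
chain_order() {  # $1 = bundle
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true)
    [ "$n" -ge 2 ] || { echo "no-chain"; return 1; }
    issuer=$(nth_cert "$1" 1 | openssl x509 -noout -issuer_hash)
    subject=$(nth_cert "$1" 2 | openssl x509 -noout -subject_hash)
    [ "$issuer" = "$subject" ] && echo "ok" || { echo "wrong-order"; return 1; }
}

# Build constructed test material (throwaway CA + server cert) in directory $1.
make_demo() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.cer \
          -subj "/CN=Constructed Test CA" -days 1 &&
      openssl genrsa -out citadel.key 2048 &&
      openssl req -new -key citadel.key -out citadel.csr \
          -subj "/CN=mail.example.test" &&
      openssl x509 -req -in citadel.csr -CA ca.cer -CAkey ca.key \
          -CAcreateserial -out server.cer -days 1 &&
      cat server.cer ca.cer > citadel.cer &&   # server first, chained cert second
      cat ca.cer server.cer > swapped.cer      # pasted in the wrong order
    ) >/dev/null 2>&1
}

DEMO=$(mktemp -d) && make_demo "$DEMO"
echo "key/cert: $(key_matches_cert "$DEMO/citadel.key" "$DEMO/citadel.cer")"
echo "order:    $(chain_order "$DEMO/citadel.cer")"
echo "swapped:  $(chain_order "$DEMO/swapped.cer")"
```

Against the real installation, call the two check functions on /usr/local/citadel/keys/citadel.key and /usr/local/citadel/keys/citadel.cer.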
Copyright © 2005-2008, Aerospace Software Ltd., GPL.