[BlueOnyx:06279] help with wild card SSL cert install

Jim Dory jdory at nomealaska.org
Fri Jan 7 13:04:46 -05 2011


Hoping someone can offer some advice or answers to installing a wild 
card SSL certificate.

I currently have working a cert for www.nomealaska.org but want one for 
webmail.nomealaska.org as well. I may start up a ftp.nomealaska.org too 
so figure a wild card would simplify.

My cert files right now are in /home/.sites/XXX/siteX/certs and include 
ca-certs, certificate, and key. I've backed these up in the same directory.

I'm getting the certs from our registrar www.register.com which seem 
priced competitively. I think for the previous cert I received from them
certificate.crt, Intermediary_Certificate_1.crt, 
Intermediary_Certificate_2.crt, and Root_Certificate.crt. I also have a 
signing-request.txt file along with them that may have been generated by 
the BX GUI? I think I know to paste the Intermediary and Root crt files 
into one file named nomealaska.org.ca.crt, then when installing via GUI 
it becomes certificate.crt? And when copying to my certs directory 
rename it to certificate?

I should use the BX GUI and install them as c1, c2, and c3 but not clear 
on the order. c3 = Root_Certificate.crt? This part gets real muddy for me.

So my first task is generating a request. I was looking on Apache's site 
and found and tried this command for wild cards:
openssl req -new -newkey rsa:2048 -nodes -out star_nomealaska_org.csr -keyout star_nomealaska_org.key -subj "/C=US/ST=Alaska/L=Nome/O=City of Nome/CN=*.nomealaska.org"

all one line.

That produced star_nomealaska.org.csr and star_nomealaska.org.key. I 
assume the key will be the private key and I can keep it named as it is? 
If these are date sensitive (I did them yesterday but will try to buy 
cert today) maybe I should redo that command for today?

So after purchasing the cert, I put them in the vhost's certs directory 
as I mentioned above. Then I believe I need to install them using the BX 
GUI. In the GUI there is an Import button, but also a Manage Cert 
Authorities. If I go to the Manage button, there is a Certificate 
Authority Name blank under Add. Shall I put *.nomealaska.org there or is 
that for register.com, the issuing company?

There is also a Remove radio button there, with Current Certificate 
Authorities C2, C1, and C3. I assume to remove them first?

Hopefully someone can get me started - I can at least get the cert 
purchased and ready to install if I know the request is proper.

One last concern is this site is now named www.nomealaska.org but as we 
are migrating to a hosted company for web, I will rename it to 
nomealaska.org with webmail.nomealaska.org as alias. Hopefully this 
won't be an issue, especially with a wild card cert.

thanks, JD


-- 
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org
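
One way to check a request like the one generated above before it goes to the CA, added here as an example and not part of the original post: it reads the CN back from the CSR, confirms the CSR was made from the saved private key, and tests which hostnames a `*.` name covers (one label only, so the bare domain is not covered unless the issued certificate also lists it). The function names are made up for this example; the file arguments are whatever the `openssl req` command wrote.

```shell
#!/bin/sh
# Added example: sanity-check a wildcard CSR before sending it to the CA.
# Function names are made up for this example.

# Print the CN stored in a CSR. RFC2253 output has a stable "CN=value" form.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the CSR carries the public half of the given private key.
csr_matches_key() (
    from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
)

# Succeed if certificate name $1 covers host $2. A leading "*." stands for
# exactly one label, so it matches neither the bare domain nor a.b.domain.
wildcard_covers() (
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pattern in
        '*.'*)
            base=${pattern#'*.'}
            label=${host%".$base"}   # unchanged if host lacks the suffix
            [ "$label" != "$host" ] && [ -n "$label" ] &&
                case $label in *.*) false ;; *) true ;; esac
            ;;
        *) [ "$pattern" = "$host" ] ;;
    esac
)

# check_request CSR KEY HOST...: report every problem, fail if there is any.
check_request() (
    csr=$1 key=$2 rc=0
    shift 2
    csr_matches_key "$csr" "$key" || { echo "key does not match CSR" >&2; rc=1; }
    cn=$(csr_cn "$csr")
    echo "CSR common name: $cn"
    for h in "$@"; do
        if wildcard_covers "$cn" "$h"; then echo "covered:     $h"
        else echo "NOT covered: $h"; rc=1; fi
    done
    exit "$rc"
)

if [ "$#" -ge 3 ]; then check_request "$@"; fi
```

Saved as a script, it is run with the CSR, the key, and every hostname the certificate is expected to serve; a non-zero exit means the key does not match or at least one name is not covered.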



