[BlueOnyx:06280] Re: help with wild card SSL cert install

Doug Harvey dwh1958 at gmail.com
Sat Jan 8 02:51:37 -05 2011 

Hey Jim.  I had issues with installing certs on BQ, so this will be an
interesting read.

Doug



On Fri, Jan 7, 2011 at 12:04 PM, Jim Dory <jdory at nomealaska.org> wrote:

>  Hoping someone can offer some advice or answers to installing a wild
> card SSL certificate.
>
> I currently have working a cert for www.nomealaska.org but want one for
> webmail.nomealaska.org as well. I may start up a ftp.nomealaska.org too
> so figure a wild card would simplify.
>
> My cert files right now are in /home/.sites/XXX/siteX/certs and include
> ca-certs, certificate, and key. I've backed these up in same directory.
>
> I'm getting the certs from our registrar www.register.com which seem
> priced competitively. I think for the previous cert I received from them
> certificate.crt, Intermediary_Certificate_1.crt,
> Intermediary_Certificate_2.crt, and Root_Certificate.crt. I also have a
> signing-request.txt file along with them that may have been generated by
> the BX GUI? I think I know to paste the Intermediary and Root crt files
> into one file named nomealaska.org.ca.crt, then when installing via GUI
> it becomes certificate.crt? And when copying to my certs directory
> rename it to certificate?
>
> I should use the BX GUI and install them as c1, c2, and c3 but not clear
> on the order. c3 = Root_Certificate.crt? This part gets real muddy for me.
>
> So my first task is generating a request. I was looking on Apache's site
> and found and tried this command for wild cards:
> openssl req -new -newkey rsa:2048 -nodes -out star_nomealaska_org.csr
> -keyout star_nomealaska_org.key -subj "/C=US/ST=Alaska/L=Nome/O=City of
> Nome/CN=*.nomealaska.org"
>
> all one line.
>
> That produced star_nomealaska.org.csr and star_nomealaska.org.key. I
> assume the key will be the private key and I can keep it named as it is?
> If these are date sensitive (I did them yesterday but will try to buy
> cert today) maybe I should redo that command for today?
>
> So after purchasing the cert, I put them in the vhost's certs directory
> as I mentioned above. Then I believe I need to install them using the BX
> GUI. In the GUI there is an Import button, but also a Manage Cert
> Authorities. If I go to the Manage button, there is a Certificate
> Authority Name blank under Add. Shall I put *.nomealaska.org there or is
> that for register.com, the issuing company?
>
> There is also a Remove radio button there, with Current Certificate
> Authorities C2, C1, and C3. I assume to remove them first?
>
> Hopefully someone can get me started - I can at least get the cert
> purchased and ready to install if I know the request is proper.
>
> One last concern is this site is now named www.nomealaska.org but as we
> are migrating to a hosted company for web, I will rename it to
> nomealaska.org with webmail.nomealaska.org as alias. Hopefully this
> won't be an issue, especially with a wild card cert.
>
> thanks, JD
>
>
> --
> Jim Dory
> Engineering
> City of Nome
> PO Box 281
> 102 Division St.
> Nome, AK 99762
> 907.443.6604
>
> http://www.nomealaska.org
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110108/1ba8f1cc/attachment.html>

More information about the Blueonyx mailing list