| | 9 | |
| | 10 | The certificate authority is also used at the moment to sign certificates for individual users. If you would like a certificate for yourself to use within CAL, follow these instructions: |
| | 11 | |
| | 12 | == creating a personal certificate == |
| | 13 | |
| | 14 | === prerequisites === |
| | 15 | |
| | 16 | This assumes you are running a reasonable operating system which has [http://www.openssl.org/ openssl] installed. This probably does not include [http://www.microsoft.com/ Windows]. |
| | 17 | === download the setup script === |
| | 18 | |
| | 19 | The setup script is attached to this wiki page as CALpkcs12. It is a bash script and should be made executable with `chmod u+x`. |
| | 20 | |
| | 21 | === generating a private key and certificate request === |
| | 22 | |
| | 23 | Run the following command and provide reasonable answers to the questions it asks you: |
| | 24 | |
| | 25 | {{{ |
| | 26 | [dkg@squeak test]$ chmod u+x CALpkcs12 |
| | 27 | [dkg@squeak test]$ ./CALpkcs12 newkey |
| | 28 | Choose your preferred user name: [dkg] dkg |
| | 29 | Enter your current e-mail address: [dkg@localdomain] dkg@example.org |
| | 30 | Choose a passphrase: |
| | 31 | Confirm the passphrase: |
| | 32 | Generating a 2048 bit RSA private key |
| | 33 | ...................................+++ |
| | 34 | .........................................+++ |
| | 35 | writing new private key to '.CAL-key.pem' |
| | 36 | ----- |
| | 37 | trying to mail new certificate request to the CAL network admin <omitted here> |
| | 38 | Success! You may want to also mail the CAL network admin |
| | 39 | <omitted here> a brief followup e-mail about your new account |
| | 40 | registration. |
| | 41 | [dkg@squeak test]$ |
| | 42 | }}} |
| | 43 | |
| | 44 | So far, you've created a key and a certificate request. The system administrator still needs to provide you with a full-fledged certificate. Don't lose the files in this directory! |
| | 45 | |
| | 46 | === creating the PKCS12 from the generated certificate === |
| | 47 | |
| | 48 | After receiving and verifying your certificate request, the system administrator will send you a file called `CAL-cert.pem`. Save it in the same directory as your other certificates, and you can now run the following command: |
| | 49 | |
| | 50 | {{{ |
| | 51 | [dkg@squeak test]$ ./CALpkcs12 newcert |
| | 52 | Where is the downloaded certificate? [CAL-cert.pem] |
| | 53 | Enter your passphrase: |
| | 54 | Created pkcs12 certificate bundle in file CAL-cert.p12. You |
| | 55 | can now import this bundle into your favorite web browser. |
| | 56 | [dkg@squeak test]$ |
| | 57 | }}} |
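The two steps above written as plain openssl commands, with a check that the returned `CAL-cert.pem` belongs to your private key before it is bundled. This is an added example, not the CALpkcs12 script itself, whose contents are not shown on this page; `CAL-req.pem`, the `CAL_PASS` variable and the self-signing `fake_admin_sign` stand-in for the administrator are assumptions.

```shell
#!/bin/sh
# Added example: plain openssl equivalents of the newkey / newcert steps.
# Assumptions: CAL-req.pem and $CAL_PASS are hypothetical names. Reading the
# passphrase from the environment keeps it off the command line.
umask 077   # private key and bundle readable by their owner only

# newkey: passphrase-encrypted 2048-bit RSA key plus a certificate request.
make_request() {  # $1=dir $2=user $3=email
    openssl req -new -newkey rsa:2048 -passout env:CAL_PASS \
        -subj "/CN=$2/emailAddress=$3" \
        -keyout "$1/.CAL-key.pem" -out "$1/CAL-req.pem" 2>/dev/null
}

# Public key of a private key, or of a certificate, as PEM text.
key_pub()  { openssl pkey -in "$1" -passin env:CAL_PASS -pubout 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if the certificate carries this private key's public half.
cert_matches_key() {  # $1=cert $2=key
    c=$(cert_pub "$1") && k=$(key_pub "$2") && [ -n "$c" ] && [ "$c" = "$k" ]
}

# newcert: refuse to bundle a certificate that was issued for another key.
make_bundle() {  # $1=dir containing .CAL-key.pem and CAL-cert.pem
    cert_matches_key "$1/CAL-cert.pem" "$1/.CAL-key.pem" || return 1
    openssl pkcs12 -export -in "$1/CAL-cert.pem" -inkey "$1/.CAL-key.pem" \
        -passin env:CAL_PASS -passout env:CAL_PASS -out "$1/CAL-cert.p12"
}

# Constructed stand-in for the administrator's CA so the example runs
# offline: it simply self-signs the request with the requester's own key.
fake_admin_sign() {  # $1=dir
    openssl x509 -req -in "$1/CAL-req.pem" -signkey "$1/.CAL-key.pem" \
        -passin env:CAL_PASS -days 1 -out "$1/CAL-cert.pem" 2>/dev/null
}

demo() {
    CAL_PASS='constructed-demo-passphrase'; export CAL_PASS
    d=$(mktemp -d) || return 1
    make_request "$d" dkg dkg@example.org && fake_admin_sign "$d" &&
        make_bundle "$d" && echo "bundle written: $d/CAL-cert.p12"
}
demo
```
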
| | 58 | |
| | 59 | == using the certificate in different clients == |
| | 60 | |
| | 61 | You'll probably want to use this certificate in different clients. For example, you will find it useful in your web browser. |
| | 62 | |
| | 63 | === configuring Mozilla === |
| | 64 | Under Mozilla, choose "Edit|Preferences", then select "Privacy and Security" in the left-hand pane, and choose "Certificates" from the sub-menu. |
| | 65 | |
| | 66 | Click "Manage Certificates", ensure that the "Your Certificates" tab is active, and choose "import". Point Mozilla at `CAL-cert.p12`, and give it the password you gave in the "Export Password" step above. Mozilla should now know how to identify you to the server. |
| | 67 | |
| | 68 | === configuring Firefox === |
| | 69 | Under Firefox, choose "Edit", "Preferences", then under "Advanced", expand the "Certificates" section. Click "Manage Certificates". Ensure that the "Your Certificates" tab is active, and choose "import". Point Firefox at `CAL-cert.p12`, and give it the password you gave in the "Export Password" step above. Firefox should now know how to identify you to the server. |