Changes between Version 3 and Version 4 of SSL Certificate Management


Timestamp:
01/13/08 21:48:42 (18 years ago)
Author:
secrest@…
Comment:

--

  • SSL Certificate Management

    v3 v4  
    111111This creates directories and files that are refered to in the default openssl config file, `/usr/lib/ssl/openssl.cnf`.  (Alternatively, you could alter the config file to specify different directories and filenames.)
    112112
    113 The file, `serial`, contains the "serial number" that will go in the certificate.  It should just be a text file that contains a hexadecimal number.  Normally, you would increment that every time you renewed the certificate.  To see the serial number on the previous certificate, enter:
     113The file, `serial`, contains the "serial number" that will go in the certificate.  It should just be a text file that contains a hexadecimal number.  Normally, you would increment that every time you renewed any certificate.  To see the serial number on the previous certificate, enter:
    114114{{{
    115115openssl x509 -noout -text -in mail.astro.columbia.edu-cert.pem.old
    116116}}}
    117 where `mail.astro.columbia.edu-cert.pem.old` is the old certificate file.  Include the full path if it is not in the current directory.
     117where `mail.astro.columbia.edu-cert.pem.old` is the old certificate file.  Include the full path if it is not in the current directory. Note that the serial number needs to be unique among all certificates certified by that CA, not just among all certificates certified by that CA with the same Common Name (CN).
    118118
    119119When all the files are in place, run the following command:
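Review bot: the reworded wiki line 113 and the sentence added to line 117 now say the serial must be unique across every certificate the CA has certified, but the instruction they surround still tells the reader to inspect only "the previous certificate" for a single host (`mail.astro.columbia.edu-cert.pem.old`). That certificate's serial is not necessarily the highest one the CA has issued, so a reader following the steps literally could choose a value that is already in use. Suggest saying that the next value comes from the CA's `serial` file (or from the highest serial across all issued certificates), and moving the uniqueness note up beside the paragraph about `serial` instead of appending it to the file-path remark. While this paragraph is being edited, `refered` on line 111 should be `referred`, and `openssl x509 -noout -serial -in <file>` prints only the serial when the full `-text` dump is not needed.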
     
    144144Path to Certificate: /etc/ldap/slapd.cert
    145145Path to Key File: /etc/ldap/slapd.key
    146 Valid: 1/10/2007 03:00:24 GMT - 1/10/2008 03:00:24 GMT
    147 Serial Number: 09
    148 Subject: DC=edu, DC=columbia, DC=astro, OU=services, CN=mars.astro.columbia.edu
     146Valid: 1/14/2008 02:00:15 GMT - 1/13/2009 02:00:15 GMT
     147Serial Number: 0D
     148Subject: C=US, ST=New York, O=Columbia University Astrophysics Laboratory, CN=mars.astro.columbia.edu/emailAddress=security@astro.columbia.edu
    149149}}}
    150150
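Review bot: the Subject on wiki line 148 changes form, from the `DC=edu, DC=columbia, DC=astro, OU=services` naming to `C=US, ST=New York, O=...` with an `emailAddress` attribute, and the change comment is empty, so nothing records why. The certificate at `/etc/ldap/slapd.cert` now presents a different DN than the one documented before; suggest a one-line note in the page stating that the new DN layout is intentional and is the one to use for future renewals, so the next person does not recreate the old form from an earlier request.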
     
    168168Path to Certificate: /etc/ssl/certs/docs.astro.columbia.edu-cert.pem
    169169Path to Key File: /etc/ssl/private/docs.astro.columbia.edu.pem
    170 Valid: 12/28/2006 19:52:26 GMT - 12/28/2007 19:52:26 GMT
    171 Serial Number: 08
    172 Subject: DC=edu, DC=columbia, DC=astro, OU=services, CN=docs.astro.columbia.edu
     170Valid: 1/14/2008 02:24:02 GMT - 1/13/2009 02:24:02 GMT
     171Serial Number: 0E
     172Subject: C=US, ST=New York, O=Columbia University Astrophysics Laboratory, CN=docs.astro.columbia.edu/emailAddress=security@astro.columbia.edu
    173173}}}
    174174
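Review bot: the validity dates on wiki line 170 show that the previous certificate ended on 12/28/2007 and the replacement starts on 1/14/2008, so by the page's own record `docs.astro.columbia.edu` had no valid certificate listed for over two weeks. The page documents the new expiry (1/13/2009) only inside this block; suggest adding the next renewal date somewhere prominent, or a note on how far ahead of the "Valid" end date the renewal should be started. Serial `0E` here follows `0D` in the block above, which is consistent with the CA-wide uniqueness rule introduced earlier in this change.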