| | 2 | |
| | 3 | |
| | 4 | {{{ |
| | 5 | [dkg@squeak cal]$ openssl req -newkey rsa:2048 -keyout cal-key.pem -out cal-req.pem |
| | 6 | Generating a 2048 bit RSA private key |
| | 7 | .......................................................................................................................................................+++ |
| | 8 | ...........+++ |
| | 9 | writing new private key to 'cal-key.pem' |
| | 10 | Enter PEM pass phrase: |
| | 11 | Verifying - Enter PEM pass phrase: |
| | 12 | ----- |
| | 13 | You are about to be asked to enter information that will be incorporated |
| | 14 | into your certificate request. |
| | 15 | What you are about to enter is what is called a Distinguished Name or a DN. |
| | 16 | There are quite a few fields but you can leave some blank |
| | 17 | For some fields there will be a default value, |
| | 18 | If you enter '.', the field will be left blank. |
| | 19 | ----- |
| | 20 | Country Name (2 letter code) [AU]:US |
| | 21 | State or Province Name (full name) [Some-State]:New York |
| | 22 | Locality Name (eg, city) []:New York |
| | 23 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:Columbia University Astrophysics Laboratory |
| | 24 | Organizational Unit Name (eg, section) []:People |
| | 25 | Common Name (eg, YOUR name) []:Daniel Kahn Gillmor |
| | 26 | Email Address []:foo@bar.com |
| | 27 | |
| | 28 | Please enter the following 'extra' attributes |
| | 29 | to be sent with your certificate request |
| | 30 | A challenge password []: |
| | 31 | An optional company name []: |
| | 32 | [dkg@squeak cal]$ |
| | 33 | }}} |
| | 34 | Now send the system administrator a copy of the new certificate request you just created called `cal-req.pem`, along with an explanation of why you should have an account. |
| | 35 | |
| | 36 | The system administrator will then send you a file called `cal-cert.pem`. You should now run the following command: |
| | 37 | |
| | 38 | {{{ |
| | 39 | [dkg@squeak cal]$ openssl pkcs12 -export -in cal-cert.pem -inkey cal-key.pem -out cal-cert.p12 -name "My CAL Certificate" |
| | 40 | Enter pass phrase for dkg-cal-key.pem: |
| | 41 | Enter Export Password: |
| | 42 | Verifying - Enter Export Password: |
| | 43 | [dkg@squeak cal]$ |
| | 44 | }}} |
| | 45 | |
| | 46 | Now you have `cal-cert.p12`, which should be able to be loaded into your favorite web browser. Under Mozilla, choose "Edit|Preferences", then select "Privacy and Security" in the left-hand pane, and choose "Certificates" from the sub-menu. |
| | 47 | |
| | 48 | Click "Manage Certificates", ensure that the "Your Certificates" tab is active, and choose "import". Point Mozilla at `cal-cert.p12`, and give it the password you gave it in "the "Export Password" step above. Mozilla should now know how to identify you to the server. |
