Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Version 5 and Version 6 of SettingUpUser

Timestamp:: 11/30/05 05:59:05 (20 years ago)
Author:: Daniel Kahn gillmor
Comment:: removing the content of this page.

Legend:

: Unmodified
: Added
: Removed
: Modified

SettingUpUser

-              v5
+              v6
-[[PageOutline]]
-= creating a PKCS12 certificate file =
-== prerequisites ==
-This assumes you are running a reasonable operating system which has [http://www.openssl.org/ openssl] installed.  This probably does not include [http://www.microsoft.com/ Windows].
-== generating a private key and certificate request ==
-Run the following command and provide reasonable answers to the questions it asks you:
-{{{
-[dkg@squeak cal]$ openssl req -newkey rsa:2048 -keyout cal-key.pem -out cal-req.pem
-Generating a 2048 bit RSA private key
-.......................................................................................................................................................+++
-...........+++
-writing new private key to 'cal-key.pem'
-Enter PEM pass phrase:
-Verifying - Enter PEM pass phrase:
------
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:US
-State or Province Name (full name) [Some-State]:New York
-Locality Name (eg, city) []:New York
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Columbia University Astrophysics Laboratory
-Organizational Unit Name (eg, section) []:People
-Common Name (eg, YOUR name) []:Daniel Kahn Gillmor
-Email Address []:foo@bar.com
-Please enter the following 'extra' attributes
-to be sent with your certificate request
-A challenge password []:
-An optional company name []:
-[dkg@squeak cal]$
-}}}
-Now send the system administrator a copy of the new certificate request you just created called `cal-req.pem`, along with an explanation of why you should have an account.  You're not done yet!  All you've created so far is a key and a certificate request.  The system administrator still needs to provide you with a full-fledged certificate.
-== creating the PKCS12 from the generated certificate ==
-After receiving and verifying your certificate request, the system administrator will send you a file called `cal-cert.pem`.  You should now run the following command:
-{{{
-[dkg@squeak cal]$ openssl pkcs12 -export -in cal-cert.pem -inkey cal-key.pem -out cal-cert.p12 -name "My CAL Certificate"
-Enter pass phrase for dkg-cal-key.pem:
-Enter Export Password:
-Verifying - Enter Export Password:
-[dkg@squeak cal]$
-}}}
-Now you have `cal-cert.p12`, which should be able to be loaded into your favorite web browser.
-= putting the certificate in different web browsers =
-== configuring Mozilla ==
-Under Mozilla, choose "Edit|Preferences", then select "Privacy and Security" in the left-hand pane, and choose "Certificates" from the sub-menu.
-Click "Manage Certificates", ensure that the "Your Certificates" tab is active, and choose "import".  Point Mozilla at `cal-cert.p12`, and give it the password you gave in the "Export Password" step above.  Mozilla should now know how to identify you to the server.
-== configuring Firefox ==
-Under firefox, choose "Edit", "Preferences", then under "Advanced", expand the "Certificates" section.  Click "Manage Certificates".  Ensure that the "Your Certificates" tab is active, and choose "import".   Point Firefox at `cal-cert.p12`, and give it the password you gave in the "Export Password" step above.  Firefox should now know how to identify you to the server.