| Version 2 (modified by , 20 years ago) ( diff ) |
|---|
Here's how i would create a user for trac:
[dkg@squeak cal]$ openssl req -newkey rsa:2048 -keyout cal-key.pem -out cal-req.pem Generating a 2048 bit RSA private key .......................................................................................................................................................+++ ...........+++ writing new private key to 'cal-key.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:New York Organization Name (eg, company) [Internet Widgits Pty Ltd]:Columbia University Astrophysics Laboratory Organizational Unit Name (eg, section) []:People Common Name (eg, YOUR name) []:Daniel Kahn Gillmor Email Address []:foo@bar.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [dkg@squeak cal]$
Now send the system administrator a copy of the new certificate request you just created called cal-req.pem, along with an explanation of why you should have an account.
The system administrator will then send you a file called cal-cert.pem. You should now run the following command:
[dkg@squeak cal]$ openssl pkcs12 -export -in cal-cert.pem -inkey cal-key.pem -out cal-cert.p12 -name "My CAL Certificate" Enter pass phrase for dkg-cal-key.pem: Enter Export Password: Verifying - Enter Export Password: [dkg@squeak cal]$
Now you have cal-cert.p12, which should be able to be loaded into your favorite web browser. Under Mozilla, choose "Edit|Preferences", then select "Privacy and Security" in the left-hand pane, and choose "Certificates" from the sub-menu.
Click "Manage Certificates", ensure that the "Your Certificates" tab is active, and choose "import". Point Mozilla at cal-cert.p12, and give it the password you gave it in "the "Export Password" step above. Mozilla should now know how to identify you to the server.
