| Version 3 (modified by , 20 years ago) ( diff ) |
|---|
Here's how i would create a user for trac:
[dkg@squeak cal]$ openssl req -newkey rsa:2048 -keyout cal-key.pem -out cal-req.pem Generating a 2048 bit RSA private key .......................................................................................................................................................+++ ...........+++ writing new private key to 'cal-key.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:New York Organization Name (eg, company) [Internet Widgits Pty Ltd]:Columbia University Astrophysics Laboratory Organizational Unit Name (eg, section) []:People Common Name (eg, YOUR name) []:Daniel Kahn Gillmor Email Address []:foo@bar.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [dkg@squeak cal]$
Now send the system administrator a copy of the new certificate request you just created called cal-req.pem, along with an explanation of why you should have an account.
The system administrator will then send you a file called cal-cert.pem. You should now run the following command:
[dkg@squeak cal]$ openssl pkcs12 -export -in cal-cert.pem -inkey cal-key.pem -out cal-cert.p12 -name "My CAL Certificate" Enter pass phrase for dkg-cal-key.pem: Enter Export Password: Verifying - Enter Export Password: [dkg@squeak cal]$
Now you have cal-cert.p12, which should be able to be loaded into your favorite web browser. Under Mozilla, choose "Edit|Preferences", then select "Privacy and Security" in the left-hand pane, and choose "Certificates" from the sub-menu.
Click "Manage Certificates", ensure that the "Your Certificates" tab is active, and choose "import". Point Mozilla at cal-cert.p12, and give it the password you gave in the "Export Password" step above. Mozilla should now know how to identify you to the server.
Under firefox, choose "Edit", "Preferences", then under "Advanced", expand the "Certificates" section. Click "Manage Certificates". Ensure that the "Your Certificates" tab is active, and choose "import". Point Firefox at cal-cert.p12, and give it the password you gave in the "Export Password" step above. Firefox should now know how to identify you to the server.
