- Generate certificate request and private key. (The private key can be reused to generate new requests for renewing the certificate.)
- Create a request configuration file named your-domain-name.csr.conf like the one below:

    [req]
    prompt=no
    default_bits=2048
    encrypt_key=no
    # SHA-1 is deprecated for signatures
    default_md=sha256
    distinguished_name=dn
    # PrintableStrings only
    string_mask=MASK:0002
    x509_extensions=x509_ext
    req_extensions=req_ext

    [dn]
    C=AU
    ST=Your State
    L=Your City
    O=Your Organization
    OU=Your Organisation Unit
    CN=mediaflux.your-domain.org

    [x509_ext]
    subjectAltName=DNS:name1.your-domain.org.au,URI:https://mediaflux.your-domain.org.au/1234/shibboleth,DNS:name2.your-domain.org.au,URI:https://daris.your-domain.org.au/1234/shibboleth
    subjectKeyIdentifier=hash

    [req_ext]
    subjectAltName=DNS:name1.your-domain.org.au,DNS:name2.your-domain.org.au

- Generate certificate request using the command below:
openssl req -config your-domain-name.csr.conf -new -days 3650 -keyout your-domain-name.key -out your-domain-name.csr
You should now have the generated private key file your-domain-name.key and the request file your-domain-name.csr. Keep the private key file in a safe place for future certificate renewal requests.
- Submit the generated your-domain-name.csr file to be signed by the CA (you only need to submit the csr file). You should then get the CA-signed certificate: your-domain-name.crt
- Install the CA signed certificate:
- Convert private key to .p8 format:
openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in your-domain-name.key -out your-domain-name.key.p8
You only need to do this once. Keep the your-domain-name.key.p8 file together with your-domain-name.key for future certificate installations.
- Install the CA-signed certificate using the command below in Aterm:
server.certificate.identity.import :in file:/path/to/your-domain-name.key.p8 :in file:/path/to/your-domain-name.crt :replacement true
It should return the imported certificate identity entry. Note the id of the identity; it is used in the next step.
- Set the default certificate alias to the newly installed certificate identity (assuming its id is 2):
server.property.set :property -name server.default.certificate.alias 2
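
Before running the import, it is worth confirming that the private key, its .p8 conversion, the request and the CA-signed certificate all carry the same public key. The shell functions below are an added example, not part of the original post; the function names are this example's own, and they assume openssl is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post): pre-import checks for the
# your-domain-name.* files. Function names are this example's own.

# Print the SHA-256 of the public key held in FILE.
# KIND is key (PEM private key), p8 (DER PKCS#8), csr or crt.
pub_digest() {  # usage: pub_digest KIND FILE
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        p8)  pem=$(openssl pkey -inform DER -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   pem= ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable file or unknown kind
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the CSR's signature algorithm, e.g. sha256WithRSAEncryption.
csr_sig_alg() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        awk '/Signature Algorithm:/ {print $3; exit}'
}

# check_bundle KEY CSR [CRT] [P8]: succeed only if every file carries the
# same public key, the CSR self-signature verifies and its digest is not weak.
check_bundle() {
    want=$(pub_digest key "$1") || { echo "unreadable key: $1" >&2; return 1; }
    for pair in "csr:$2" "crt:${3:-}" "p8:${4:-}"; do
        kind=${pair%%:*}
        file=${pair#*:}
        [ -n "$file" ] || continue   # optional argument not given
        got=$(pub_digest "$kind" "$file") ||
            { echo "unreadable $kind: $file" >&2; return 1; }
        [ "$got" = "$want" ] ||
            { echo "$kind does not match key: $file" >&2; return 1; }
    done
    # Match on the message: older openssl exits 0 even on a failed verify.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature failed" >&2; return 1; }
    case "$(csr_sig_alg "$2")" in
        sha1*|md5*) echo "CSR signed with a weak digest" >&2; return 1 ;;
    esac
    echo "ok $want"
}
```

Source the file and run `check_bundle your-domain-name.key your-domain-name.csr your-domain-name.crt your-domain-name.key.p8`; a non-zero exit status means the files should not be imported together.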
Install SSL certificate on Mediaflux server