...

  • 2048 - make the RSA private key 2048 bit
  • The default file format will be PEM (to link to upcoming article about formats and standards)
  • The default encoding of the file will be base64 (link to upcoming article about formats and standards)
Note

Notice the creation of the private directory. It is very important that only the proper administrators have access to the private key.

...

We prefer using the www in our domain name, so we will use www.earth.com. Again with CAs that support both

Info

CAs such as StartSSL can provide SSL support for both the www and the non-www name. This is possible because the CA issues certificates in which the Certificate Subject Alt Name extension is populated with both DNS names, www.earth.com and earth.com.

...

Info

Here are some useful details about the CSR,

  • The default is a PEM Base64 (pem) encoded format. (link to upcoming article about formats and standards)
  • The private key is used to digitally sign the CSR. (link to upcoming article about formats and standards)
  • The CSR command will also generate the public key and store it within the CSR file.

Optionally verify your CSR via the command line or submit the contents to the SSLShopper CSR Decoder,

...
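One way to do the command-line check mentioned above, as an added example that is not part of the original article. The file names, the temporary directory and the helper names `make_key_and_csr` and `check_csr` are assumptions; it checks the CSR signature, subject, key length, that the CSR was made from your private key, and that the key file is owner-only.

```shell
#!/bin/sh
# Added example. File names and helper names are assumptions,
# not the article's own commands.

# make_key_and_csr DIR CN: 2048-bit RSA key in DIR/private (owner-only) plus a CSR for CN.
make_key_and_csr() {
  mkdir -p "$1/private" && chmod 700 "$1/private" || return 1
  # umask 077 makes the key file owner-only from the moment it is created
  ( umask 077 && openssl genrsa -out "$1/private/$2.key.pem" 2048 2>/dev/null ) || return 1
  openssl req -new -key "$1/private/$2.key.pem" -subj "/CN=$2" -out "$1/$2.csr.pem"
}

# check_csr CSR KEY CN: returns 0 only if every check passes, else names the failure.
check_csr() {
  # 1. The CSR's self-signature verifies. Match the message text, because
  #    some OpenSSL versions exit 0 even when verification fails.
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" ||
    { echo "CSR signature does not verify"; return 1; }
  # 2. The subject is exactly the host name requested (spacing normalised).
  [ "$(openssl req -in "$1" -noout -subject -nameopt RFC2253 | tr -d ' ')" = "subject=CN=$3" ] ||
    { echo "unexpected subject"; return 1; }
  # 3. The key length is the 2048 bits asked for at generation time.
  openssl req -in "$1" -noout -text | grep -q "Public-Key: (2048 bit)" ||
    { echo "key is not 2048 bit"; return 1; }
  # 4. The public key stored in the CSR is the one derived from our private key.
  [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ] ||
    { echo "CSR was not made from this private key"; return 1; }
  # 5. Group and others have no access to the private key file.
  case "$(ls -ld "$2")" in
    ????------*) ;;
    *) echo "private key is accessible beyond its owner"; return 1 ;;
  esac
}

# Demo on a throwaway key in a temp directory (constructed input, not a real key).
d=$(mktemp -d) && make_key_and_csr "$d" www.earth.com &&
  check_csr "$d/www.earth.com.csr.pem" "$d/private/www.earth.com.key.pem" www.earth.com &&
  echo "CSR OK"
```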

No Format
www.earth.com_server.pem.base64.crt

earth.com_server.crt.

...

You may download the chain certificate from your CA's website (you may need to search for it) or, more conveniently, download it from SSLShopper's list of Chain Certificates and respective CA Installation Instructions.

In this case I found the chain certificate on the StartCom How to Install Apache Server webpage, whose sample Apache configuration also indicates that,

  • ca.pem is the root CA certificate
  • sub.class1.server.ca.pem is the chain certificate

The file names, extensions and documentation on file formats for certificates are a mess (link to details). There is not . As explained in Certificate File Formats, we can identify the file as PEM and base64 encoded. There is no real standard that everyone follows, so we will rename the file using the BonsaiFramework standards,

Code Block
mv sub.class1.server.ca.pem sub.class1.server.ca.pem.crt

After the extension change, double-click on the file in Windows to inspect the certificate.
Copy the Issued to: name, as this will be used to rename the file,

Code Block
mv sub.class1.server.ca.pem.crt StartCom_Class_1_Primary_Intermediate_Server_CA_base64.pem.cer

What About the CA Certificate?

...