...
- 2048 - make the RSA private key 2048 bits long
- The default file format will be PEM (to link to upcoming article about formats and standards)
- The default encoding of the file will be base64 (link to upcoming article about formats and standards)
Note |
---|
Notice the creation of the private directory. It is very important that only the proper administrators have access to the private key. |
...
We prefer using the www in our domain name, so we will use www.earth.com. Again with CAs that support both
Info |
---|
CAs such as StartSSL can support SSL for both the www and non-www names. This is possible because the CA issues certificates where the Certificate Subject Alt Name extension is populated with both DNS names, www.earth.com and earth.com. |
...
Info |
---|
Here are some useful details about the CSR,
|
Optionally verify your key CSR via the command line or submit the contents to the SSLShopper CSR Decoder,
...
No Format |
---|
www.earth.com_server.pem.base64.crt |
earth.com_server.crt.
...
You may download the chain certificate from your CA's website (you may need to search for it) or more conveniently download from SSLShopper's list of Chain Certificates and respective CA Installation Instructions.
In this case the chain certificate was found on the StartCom How to Install Apache Server webpage, whose sample Apache configuration also indicates that,
- ca.pem is the root CA certificate
- sub.class1.server.ca.pem is the chain certificate
The file names, extensions and documentation on file formats for certificates are a mess (link to details). There is not . As explained in Certificate File Formats we can identify the file as PEM and base64 encoded. There is no real standard that everyone follows, so we will rename the file using the BonsaiFramework standards,
Code Block |
---|
mv sub.class1.server.ca.pem sub.class1.server.ca.pem.crt |
After the extension change double click on the file in Windows to inspect the certificate.
Copy the Issued to: name as this will be used to rename the file,
Code Block | ||
---|---|---|
| ||
mv sub.class1.server.ca.pem.crt StartCom_Class_1_Primary_Intermediate_Server_CA_base64.pem.cer |
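Because extensions such as .pem, .crt and .cer say nothing reliable about how a certificate file is encoded, the following added example (not part of the original page) classifies a file by its content and counts the certificates in a PEM bundle such as a chain file. The function names and the tiny DER sample are constructed for illustration; the check covers the container encoding only and does not validate the certificate itself.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def der_sequence_length(data: bytes):
    """Total length (header + body) of the outer DER SEQUENCE, or None."""
    if len(data) < 2 or data[0] != 0x30:        # 0x30 = ASN.1 SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                             # short form: one length byte
        return 2 + first
    n = first & 0x7F                             # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def sniff_certificate_file(data: bytes):
    """Return (encoding, certificate_count) judged from content, not the extension."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        for body in blocks:
            try:
                der = base64.b64decode(b"".join(body.split()), validate=True)
            except ValueError:                   # bad base64 alphabet or padding
                return ("invalid", 0)
            if der_sequence_length(der) != len(der):
                return ("invalid", 0)            # payload is not one complete DER object
        return ("PEM", len(blocks))
    if der_sequence_length(data) == len(data):
        return ("DER", 1)
    return ("unknown", 0)


# Constructed sample: SEQUENCE { INTEGER 5 }, a valid DER object but NOT a real certificate.
FAKE_DER = bytes.fromhex("3003020105")


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (base64 body between BEGIN/END lines)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    print(sniff_certificate_file(FAKE_DER))              # binary DER
    print(sniff_certificate_file(to_pem(FAKE_DER) * 2))  # PEM bundle with two entries
```

To check a real file, pass its bytes, for example `sniff_certificate_file(open(path, "rb").read())`.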
What About the CA Certificate?
...