The OpenSSL program now asks you a series of questions (Web site)

The OpenSSL program now asks you a series of questions regarding your identity.

5. Enter the two-letter code for your country. For example, type US for United States or CA for Canada.
6. Enter the full name (not the abbreviation) for your state or province.
7. Enter the name of your organization (a company name, for example).
8. Enter the name of your department within the organization. Or, if you're requesting a certificate for your entire organization, just press Enter.
9. Enter the name of your Web server (for example, www.example.com). If you have (or plan to have) multiple Web servers at your site, use a * in place of the host name, like this: *.example.com (you still need to include your domain name).

   It's very important that you enter your real Web server name here. When the CA issues a certificate, it belongs to a specific Web site. If you try to use that certificate on a Web server with a different name, visitors to your Web site will be greeted with a scary message warning of certificate forgery.
10. Enter your e-mail address.
11. Next, you're prompted for two extra pieces of information: a challenge password and an optional company name. Just press Enter twice to ignore those questions.

OpenSSL saves the resulting CSR (certificate signing request) in /etc/httpd/conf/ssl.csr/server.csr.

If you'd like to see what's inside the CSR in human-readable form, use the following command:

$ openssl req -text -in ssl.csr/server.csr

You see a result similar to that shown in Listing 45-1.

A CSR contains two important pieces of information: your identity and your public key. In an SSL certificate, the identity is called the subject (and the CA is called the issuer).
Every subject (and every issuer) is identified by the following information:

- Location (country, state/province, city)
- Organization (organization name and organizational unit)
- Common name (the name of your Web server, as seen by the outside world)
- E-mail address

If you're a Fedora user, you can use the tools installed with Apache to generate a CSR (we show you how in a moment). If you're not using Fedora, you have a bit more work to do: We suggest using Webmin and Webmin's Certificate and Key Management module to generate a CSR. Technique 17 shows you how to install and use Webmin (the Certificate and Key Management module is an add-on that you'll have to download separately from the www.webmin.com Web site).

Fedora makes it easy to create a CSR (and the public/private key pair that you need in order to sign the CSR):

1. Open a terminal window and give yourself superuser privileges with the su command.
2. Move to the directory /etc/httpd/conf:

   # cd /etc/httpd/conf
3. Type make certreq and press Enter.
4. If you have an existing server key (it's stored in /etc/httpd/conf/ssl.key/server.key), you're prompted for the passphrase for that key. If you don't have an existing server key, OpenSSL creates a new server key for you and asks for a passphrase that will protect your private server key from unauthorized use. In either case, type in the passphrase and press Enter.
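The same request can be built without the prompts and checked before it goes to the CA. The script below is an added example, not part of the original text or of Fedora's make certreq target: it answers the subject questions with -subj, reads the key passphrase from the environment so it never appears on a command line, then confirms that the CSR carries the server key's public half and that the common name covers the host name visitors will use. The subject values, the passphrase, the RSA-2048/SHA-256 choices and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example: build a key and CSR without the interactive prompts, then
# check the CSR before it goes to the CA. Subject values are constructed.

# make_csr KEYFILE CSRFILE COMMON_NAME  (key passphrase is read from $KEY_PASS)
make_csr() {
    # RSA-2048 and SHA-256 are assumptions; stderr only carries progress dots.
    openssl req -new -newkey rsa:2048 -sha256 \
        -keyout "$1" -out "$2" -passout env:KEY_PASS \
        -subj "/C=US/ST=Virginia/O=Example Corp/OU=Web Team/CN=$3/emailAddress=admin@example.com" \
        2>/dev/null
}

# Print the common name stored in the CSR's subject.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_matches_key KEYFILE CSRFILE: succeed only if the CSR carries the public
# half of this private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# cn_covers_host CN HOST: succeed if a certificate for CN fits HOST.
# A leading "*" stands for exactly one host-name label.
cn_covers_host() {
    c=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    h=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$c" in
        '*.'*) rest=${h#*.}     # host name without its first label
               [ "$rest" != "$h" ] && [ "$rest" = "${c#\*.}" ] ;;
        *)     [ "$c" = "$h" ] ;;
    esac
}

# Demo in a scratch directory (the paths under /etc/httpd/conf need root).
export KEY_PASS='constructed-demo-passphrase'
demo=$(mktemp -d)
make_csr "$demo/server.key" "$demo/server.csr" www.example.com
name=$(csr_common_name "$demo/server.csr")
csr_matches_key "$demo/server.key" "$demo/server.csr" && echo "CSR matches key"
cn_covers_host "$name" www.example.com && echo "CN $name covers www.example.com"
rm -rf "$demo"
```

A wildcard common name such as *.example.com covers www.example.com but not example.com itself or a.b.example.com, which is why the last check is worth running against every host name the certificate is meant to serve.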