CSR Support

 

Apache + Raven

Note: The Certificate Signing Request (CSR) instructions are followed by key pair backup instructions

Creating a Certificate Signing Request and Key

  1. Enter Server Name (Common Name).
  1. Select size of encryption key (1024 recommended).

 *Note: The encryption key size (512 bit, 1024 bit) has nothing to do with the actual session key (128 bit, 40 bit).

  1. Enter pass phrase to encrypt key.s

Warning: If you lose the passphrase, you must purchase another certificate.

  1. Choose the server to request a certificate for:

Version 1.5.1 select NO to send the CSR to ipsCA

Version 1.5 select YES to send the CSR to ipsCA

 Note: If you select no, a required field will be missing and the CSR will be invalid.

 Version 1.5x enter the same pass phrase entered generating the private key above.  

 
  1. Enter the information to be displayed in the certificate.  

Distinguished Name Field

Explanation

Example

Country Name

The two-letter ISO abbreviation for your country

US = United States

State or Province Name

The state or province where your organization is located. Can not be abbreviated.

Georgia

City or Locality

The city where your organization is located.

Atlanta

Organization Name

The exact legal name of your organization. Do not abbreviate

IPS S.L.

Organizational Unit

Optional for additional organization information

Marketing

Common Name (Server Host Name)

The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match.

If you intend to secure the URL https://secure.yourURL.com, then your CSR's Server Hostname must be secure.yourURL.com

Server Admin.'s email address

Your email address

abc@yourURL.com

 
  6.  Send the CSR to your email address or display the CSR on your             console.
  1. Exit RavenCTL
  1. While waiting for your certificate from IPSCA, you can use the self-signed certificate generated above.

**** Note: If you would like to verify the contents of the CSR, use the following command:

$ openssl req -noout -text -in server.csr

  1. Create a backup copy of the private key.

Backup the servername.key file from the raven/module/pki/keys directory to a secure location and remember the PEM passphrase (step 3).

**** Note: To view the contents of the private key, use the following command:

$ openssl rsa -noout -text -in servername.key

  1.  Submit your CSR to IPSCA.  

 



 CSR installation

 

Installing a Secure Server Digital Certificate on a Covalent Server

The certificate that you will receive from IPSCA will contain two parts - a server part,and a CA part. These will be clearly marked in the certificate that you will receive.

Certificates and keys are managed by the Raven System Management Interface, found at /usr/local/raven/bin/ravenctl. Keys are stored by default at /usr/local/raven/module/pki/keys and certs, by default are stored at /usr/local/raven/module/pki.

The following procedure shows the process required to install a Secure Server Digital Certificate from IPSCA.

    1. The certificate you receive from IPSCA will look similar to:

      -----BEGIN CERTIFICATE-----
      JIEBSDSCEXoCHQEwLQMJSoZILvoNVQECSQAwcSETMRkOAMUTBhMuVrMIoAnB
      dNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQLExNQZXJzb2
      5hIENlcnRpZmljYXRlMSQwIgYDVQQDExtPcGVuIE1hcmtldCBUZXN0IFNlcn
      ZlciAxMTAwHhcNOTUwNzE5MjAyNzMwWhcNOTYwE0MjAyOTEwWjBzMQswCQYD
      VQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xHDAa
      BgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUxJDAiBgNVBAMTG09wZW4gTWFy
      a2V0IFRlc3QgU2VydmVyIDExMDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDU
      /7lrgR6vkVNX40BAq1poGdSmGkD1iN3sEPfSTGxNJXY58XH3JoZ4nrF7mIfv
      pghNi1taYim vhbBPNqYe4yLPAgMBAAEwDQYJKoZIhvcNAQECBQADQQBqyCp
      ws9EaAjKKAefuNP+z+8NY8khckgyHN2LLpfhv+iP8m+bF66HNDUlFz8ZrVOu
      3WQapgLPV90kIskNKXX3a
      ------END CERTIFICATE-----

      Cut and paste the entire text, including the BEGIN and END certificate lines, into a text file (ie. /tmp/cert.txt) .

    2. Run ravenctl. Select 'Raven PKI Certificate Manager'
      Select 'Install Signed Certificate'. The following questions will be asked.
      Name of the certificate file to install? -->

      Put the full path name of the recently saved certificate (ie. /tmp/cert.txt)
      It will install the signed certificate in
      /usr/local/raven/module/pki/certs/cert.txt.cert.
      If the file name does not include a .cert extension, the install process will
      append .cert to the file name when installing.

      Note: If there is already a certificate by that name it will prompt you if you
      would like it to overwrite the old certificate.

      Note: You can rename the signed certificate file to anything you would like. 
      It is typical to name it the same name as the domain you are securing 
      (ie. domain.cert).If successful you will get the following message:

      Key and certificate have been successfully installed.  Thanks for choosing Raven. 
      Press [ENTER] to continue:

    3. You will then need to edit Apache's run-time configuration file to point the Raven
      SSL module to the new certificate and key. The pertinent lines should look like:

       SSLCertificateFile /usr/local/raven/module/pki/certs/yourserver.cert
      SSLCertificateKeyFile /usr/local/raven/module/pki/keys/yourserver.key
    4. The temporary file (/tmp/cert.txt in this example) can now be removed and the server
      should be restarted.

 

  return to the top

© 1996 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved.
Our CPS summarized or complete, CRLs, Root Certificates and legal documents
  can be found in our repository
Read our  Privacy Policy and Terms of Use