3.11.1 Flow of obtaining certificates for SSL communication for the communication server
From a Certificate Authority, obtain certificates (root certificate and server certificate) for SSL communication for the communication server.
The flow of obtaining certificates for SSL communication for the communication server is as follows:
-
Create a private key for the Web server (keygen command).
Specify the file containing the created private key for the Web server in the SSLCertificateKeyFile directive.
-
Create a Certificate Signing Request (CSR) (certutil reqgen command).
-
Display the contents of a Certificate Signing Request (CSR) (certutil req command).
If necessary, check the contents of the Certificate Signing Request (CSR).
-
Send the CSR to the CA.
-
Acquire a certificate from the CA.
-
Create a pair of the obtained client certificate and client private key in PKCS#12 format.
The following shows how to create the pair:
openssl pkcs12 -export -inkey httpsdkey.pem -in client-certificate.pem -out user.p12 -certfile root-certificate.pem
- Tip
-
You can use the certutil cert command to check the contents of the certificate you obtained.
- Tip
-
In the certificate you obtained, save the part from -----BEGINCERTIFICATE----- to -----END CERTIFICATE---- in another file (httpsd.pem file defined in httpsd.conf provided as standard). Defining this file for the SSLCertificateFile directive enables use of SSL.
Related Topics