SSLCertificate/SSL Certificates Using Open SSL

From Emersion
Revision as of 12:39, 26 February 2015 by Scarpenter (talk) (Step One: Generate the CSR)
Jump to: navigation, search

SSL Certificates Using OpenSSL

This article is designed for Emersion clients who need to obtain an SSL certificate but have limited access to resources who are educated in web technologies, specifically Open SSL. The process described below is only one method to obtaining a valid certificate. It is best if you engage with a company who can complete this process for you, but if you wish to do-it-yourself, we have provided a method below.

At the end of this process you will have an SSL certificate that is verified (signed) and a private key. You need to submit both of these to Emersion.

Prerequisites

First, install Open SSL on your computer, or log in to a computer or server with Open SSL installed on it.

Step One: Generate the CSR

Despite claims to the contrary, you do not need Emersion to generate the CSR from our web server.

You can generate a certificate from any machine with Open SSL installed

Generating a Certificate Signing Request (CSR) is the first step to obtaining your certificate. You need to know the URL of your website and the certificate will only be valid for that URL.

E.g.: myaccount.yourdomain.com.au, signup.yourdomain.com.au

1. Go to the Open SSL CSR generator 2. Fill in the details 3. When you are happy with your settings, click Generate. It should look like the example below.

CSR request.png

In the Open SSL CSR generator, you will be shown a command to copy/paste containing the parameters you entered.

4. Copy (CTRL+C) the command to the clipboard.

5. On the machine with Open SSL, open a terminal session, paste the command and run it.

OpenSSL creates both your private key and your CSR. It saves them to two files:

  • signup_mycompany_com_au.key
  • signup_mycompany_com_au.csr

You will need to keep both of these files handy and we recommend you store them in a secure location.

Step Two: Contact a Certificate Signing Authority

Once you have a CSR for your website, it needs to be sent to a Certificate Signing Authority who will validate and sign the certificate for you. The verification and validation process will vary based on the provider, the type of SSL certificate you request and how long you want the certificate to be valid for.

Emersion remains independent and will not recommend a specific Certificate Signing Authority. A certificate Signing Authority will assist you to choose the certificate that best suits you, and guide you on the specific process for your certificate.

Step: Three: Sending the Certificate and the Private Key to Emersion

Once the signed SSL certificate has been delivered to you, forward it to Emersion with the Private Key. We need both the SSL Certificate and Private Key in order to complete the installation of the SSL Certificate on the server.

It will look like this when opened:

A signed SSL Certificate

SSL certificate.png


Private Key – Viewed in a text editor

SSL private key.png

Emersion is not a Certificate Signing Authority. We cannot sign or verify a certificate request for you.

Retrieved from "https://mediawiki.emersion.com.au/wiki/index.php?title=SSLCertificate/SSL_Certificates_Using_Open_SSL&oldid=3773"