SSL Certificate astuce/review ( fr & EN( lite )

Read 252536 times
Hello

I am french sorry for my language english bad

For Installing SSL , the major question is not Private Key , but CSR/RSA  ( beaucoup de personne ont dut avoir a faire a cela si il on voulut installer un certificat SSL )

Two Astuce :

1- You have web server with possibility generate CRT >>>   Generate Key private with Command ligne ( CentovaCast ) :
/usr/local/centovacast/bin/openssl genrsa -out /root/private.key 2048 \
    -config /usr/local/centovacast/etc/openssl.cnf
Chek your Private key Install in you're web serveur , generate CRT signed whit private key
Download youre certificate and delete key web serveur ( no centova )
Upload in repertory in your é serveur hosted centovacast  certificates  ( totaly )

>>>> Commande ligne centovacast

/usr/local/centovacast/sbin/setssl /path/to/private.key /path/to/certificate.pem

( remplace path to private key for destination of you're private key and path/to/certificate.pem for destion of youre certificate for you're domain .crt  no pem  )

Astuce 2 :        Generate keys and certificate:

To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command :

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

You will now be asked to enter details to be entered into your CSR.

What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter '.', the field will be left blank.


Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:
An optional company name []:
Use the name of the web-server as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

>>>>> Download Certificat >>>>>>>>>>>>> Commande ligne (centovacast )

/usr/local/centovacast/sbin/setssl /path/to/private.key /path/to/certificate.pem

( remplace path to private key for destination of you're private key and path/to/certificate.pem for destion of youre certificate for you're domain .crt  no pem  )

POUR UNE EXPLICATION EN FRANCAIS UNE AIDE N'HESITEZ PAS MEME EN ANGLAIS

LE CSR EST QUASI OBLIGATOIRE ICI JE VOUS EST CITER DEUX METHODE DE GENERER UN CSR SIMPLEMENT ET DE COMMENT INSTALLER VOTRE CERTIFICAT ,  TOUS LES CERTIFICAT A METTRE DANS UN MEME DOSSIER ET SURTOUT POUR LA FIN DE LIGNE " path/to/certificate.pem   NE PAS METTRE LE CA BUNDLE DU RESTE CECI DOIT ETRE UN ERREUR DE CENTOVA MAIS VOTRE CHEMIN DU CERTIFICAT AU NOM DU DOMAINE ET BIEN-SUR TOUS SONT EN .crt et Non .pem   Ceci vous permmettra d installer tous certificat de votre choix !!!!

Thank's  Merci a tous

AdE