|
Cobalt
RaQ3/RaQ4
Creating a Certificate
Signing Request
- Enable
SSL.
(reference
Cobalt instructions in the Cobalt Raq3 Manual in .pdf format at:) http://www.cobalt.com/support/resources/manuals.html
- Generate
a "self-signed" certificate.
(reference
Cobalt instructions in the Cobalt Raq3 Manual in .pdf format at:) http://www.cobalt.com/support/resources/manuals.html
- Back-up
the "private key".
The
private key file should begin with -----BEGIN RSA PRIVATE KEY-----
and
end in -----END RSA PRIVATE KEY-----.
For
the admin server: /home/sites/home/certs/key
For
all others find the corresponding site number: /home/sites/site##/certs/key
*Note:
Do not create another CSR after you have submitted your order to us.
Otherwise, the certificate that we will send you will not work properly.
- Submit
your CSR to IPSCA.
Installing a Server Certificate
using Cobalt RaQ3/RaQ4
|
IPSCA will send your Certificate via
e-mail.
Your certificate will look something like the following:
-----BEGIN CERTIFICATE-----
JIEBSDSCEXoCHQEwLQMJSoZILvoNVQECSQAwcSETMRkOAMUTBhMuVrM
mIoAnBdNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQ
QLExNQZXJzb25hIENlcnRpZmljYXRlMSQwIgYDVQQDExtPcGVuIE1hc
mtldCBUZXN0IFNlcnZlciAxMTAwHhcNOTUwNzE5MjAyNzMwWhcNOTYw
NTE0MjAyOTEwWjBzMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIER
hdGEgU2VjdXJpdHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydG
lmaWNhdGUxJDAiBgNVBAMTG09wZW4gTWFya2V0IFRlc3QgU2VydmVyI
DExMDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDU/7lrgR6vkVNX40BA
q1poGdSmGkD1iN3sEPfSTGxNJXY58XH3JoZ4nrF7mIfvpghNi1taYim
vhbBPNqYe4yLPAgMBAAEwDQYJKoZIhvcNAQECBQADQQBqyCpws9EaAj
KKAefuNP+z+8NY8khckgyHN2LLpfhv+iP8m+bF66HNDUlFz8ZrVOu3W
QapgLPV90kIskNKXX3a
-----END CERTIFICATE-----
Step one:
Copy the server certificate, including
the begin certificate and end certificate lines into a text editor
such as Notepad (do not use Word or another word processor
program.) Make sure that the certificate appears as formatted above.
In other words, make sure that the aforementioned lines are
included.
Please refer to the Cobalt user guides
available at http://emea.cobalt.com/support/resources/manuals.html replace the pending certificate with your ipsCA
certificate in the SSL Settings of your
Raq. |
Step two: Install the Intermediate
Certificates
You will need to install the chain
certificate (intermediate) so that browsers can trust your
certificate. As well as your SSL certificate (
yourdomainname.crt) two other certificates, named IPSSERVIDORES.crt and ipsCACLASEA1.crt , are also attached to the email from ipsCA. Apache users will not
require these certificates. Instead you can install the intermediate
certificates using a 'bundle' method IPS-IPSCABUNDLE.crt.
In the Virtual Host settings for your site,
in the httpd.conf file, you will need to add the following SSL directives.
This may be achieved by:
1. Copy IPS-IPSCABUNDLE.crt to the same directory as httpd.conf (this contains all of
the ca certificates in the ipsCA chain).
2. Add the following line to httpd.conf
(assuming /etc/httpd/conf is the directory mentioned in 1.), if the line
already exists amend it to read the following:
SSLCACertificateFile
/etc/httpd/conf/IPS-IPSCABUNDLE.crt
If you are using a different location and
certificate file names you will need to change the path and filename to
reflect your server.
The SSL section of the updated httpd config
file should now read similar to this example (depending on your naming and
directories used):
SSLCertificateFile
/etc/ssl/crt/yourdomainname.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCACertificateFile /etc/httpd/conf/IPS-IPSCABUNDLE.crt
Save your httpd.conf file and restart. You
can most likely do so by using the apachectl script:
apachectl stop
apachectl startssl
You are can start using your
ipsCA certificate with your Cobalt Raq.
|
