SUNScholar/Secure Internet Connections/S02

NEXT

PREVIOUS

Application
Send the file, %hostname%.csr in the /etc/ssl/certs folder to a recognised certificate authority for signing.

Try to shop around for the best prices. See: http://www.sslshopper.com

Activation
Assuming that the supplied signed certificate from your chosen SSL registrar above, is called verisign.cer and is stored in the /root folder, follow the procedure below as the root user to activate the signed certificate. sudo -i

cd /root

cp verisign.cer /etc/ssl/certs/%hostname%.crt

To extract details of the signed certificate, type the following. openssl x509 -text -in /etc/ssl/certs/%hostname%.crt

See example extraction below. root@ar1:/etc/ssl/certs# openssl x509 -text -in /etc/ssl/certs/ar1.sun.ac.za.crt Certificate: Data: Version: 3 (0x2) Serial Number: 29:48:0a:37:5a:d7:bc:89:c8:87:61:a3:e3:74:75:c5 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Secure Server CA - G3       Validity Not Before: Oct 23 00:00:00 2012 GMT Not After : Oct 24 23:59:59 2013 GMT Subject: C=ZA, ST=Western Cape, L=Stellenbosch, O=Universiteit Stellenbosch, OU=JS Gericke Library, CN=ar1.sun.ac.za       Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ba:2a:22:98:c8:62:31:4b:6a:75:fd:7c:db:29: 0c:c4:5a:c4:93:bb:34:2a:72:2f:2a:cb:95:e8:60: 43:6d:72:f8:0b:e8:12:4c:8c:f3:47:13:69:2e:f8: 7b:cc:23:33:4d:06:fb:4d:a4:2f:34:2c:c4:0b:bc: 4a:73:bb:a2:ab:a1:88:59:a7:81:b8:85:b4:9b:c0: 92:2a:86:03:68:38:30:f7:ef:31:1b:8f:79:a7:12: 0d:fc:4a:3a:ab:62:03:07:e5:c0:c9:3a:c4:af:94: 6f:dd:87:d5:80:5e:41:b6:92:25:5b:7d:bc:f7:a4: f9:82:ef:36:74:8d:a6:fa:39:7b:aa:23:ea:1d:97: b1:c7:e3:a4:82:3f:19:88:33:56:34:1f:20:02:a0: f7:fd:2e:2a:ec:a9:87:e7:26:1f:93:41:b0:65:f0: 1f:da:12:66:96:97:93:5f:42:bf:b6:bc:9b:7c:74: 6f:9c:09:6c:51:f6:fb:e2:78:4b:97:96:12:77:d2: 4a:ed:75:aa:e3:db:05:e5:8a:e5:3c:ea:a5:dd:34: 20:8f:27:e4:30:2e:58:17:30:dd:1c:06:ae:30:de: 89:08:7e:a5:a1:48:24:0a:be:5e:4e:fb:9f:1f:dc: 52:d0:51:df:99:c4:ab:fb:5c:b0:1d:72:cf:be:26: d6:f1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:ar1.sun.ac.za           X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 CRL Distribution Points:

Full Name: URI:http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

X509v3 Certificate Policies: Policy: 2.16.840.1.113733.1.7.54 CPS: https://www.verisign.com/cps

X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Authority Key Identifier: keyid:0D:44:5C:16:53:44:C1:82:7E:1D:20:AB:25:F4:01:63:D8:BE:79:A5

Authority Information Access: OCSP - URI:http://ocsp.verisign.com CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer

Signature Algorithm: sha1WithRSAEncryption 02:14:7a:e5:21:81:4d:e9:6f:3a:45:38:cf:f5:0c:7c:88:0b: 73:58:aa:d7:f9:c3:9e:32:2a:fa:76:15:a5:1d:15:4e:4c:44: 11:d5:7c:25:c9:5f:f9:45:f9:a4:11:90:40:42:68:d4:28:7d: ed:08:67:6d:6c:3b:6e:d5:e0:cd:28:c7:54:7d:e5:61:cc:9d: 5e:ab:0b:30:30:37:8e:55:ec:51:e6:f7:ff:d5:b4:fb:05:79: 6e:46:44:1b:c8:4f:4d:6f:d5:53:d9:42:d7:00:93:38:0b:a0: 48:99:ef:0c:15:29:16:e3:36:ca:e7:4c:61:72:23:36:69:89: cb:34:a0:7e:82:65:6f:35:d8:78:1a:d6:fd:34:60:c6:12:64: 8d:76:85:a4:c0:88:17:7a:44:6e:95:3d:59:0d:96:1f:90:37: cd:02:b7:d2:77:d7:45:a0:57:03:b8:67:24:81:07:3d:f2:7f: 07:6a:68:71:1f:72:df:77:2e:22:bf:ad:72:e0:bb:0b:4d:0a: 0c:63:0e:9d:60:85:2f:eb:7a:c7:65:50:bb:59:06:4b:4a:5f: 1f:2a:e2:75:2c:e9:f9:18:fc:f0:6d:e7:22:38:71:53:ea:f1: 4b:66:dc:7b:8c:3a:45:b2:a6:e3:4d:2c:be:f9:2c:c2:3a:66: 30:58:66:5f -BEGIN CERTIFICATE- MIIFVDCCBDygAwIBAgIQKUgKN1rXvInIh2Gj43R1xTANBgkqhkiG9w0BAQUFADCB tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTIxMDIz MDAwMDAwWhcNMTMxMDI0MjM1OTU5WjCBlDELMAkGA1UEBhMCWkExFTATBgNVBAgT DFdlc3Rlcm4gQ2FwZTEVMBMGA1UEBxQMU3RlbGxlbmJvc2NoMSIwIAYDVQQKFBlV bml2ZXJzaXRlaXQgU3RlbGxlbmJvc2NoMRswGQYDVQQLFBJKUyBHZXJpY2tlIExp YnJhcnkxFjAUBgNVBAMUDWFyMS5zdW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQC6KiKYyGIxS2p1/XzbKQzEWsSTuzQqci8qy5XoYENtcvgL 6BJMjPNHE2ku+HvMIzNNBvtNpC80LMQLvEpzu6KroYhZp4G4hbSbwJIqhgNoODD3 7zEbj3mnEg38SjqrYgMH5cDJOsSvlG/dh9WAXkG2kiVbfbz3pPmC7zZ0jab6OXuq I+odl7HH46SCPxmIM1Y0HyACoPf9LirsqYfnJh+TQbBl8B/aEmaWl5NfQr+2vJt8 dG+cCWxR9vvieEuXlhJ30krtdarj2wXliuU86qXdNCCPJ+QwLlgXMN0cBq4w3okI fqWhSCQKvl5O+58f3FLQUd+ZxKv7XLAdcs++JtbxAgMBAAGjggF9MIIBeTAYBgNV HREEETAPgg1hcjEuc3VuLmFjLnphMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWg MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtY3JsLnZlcmlz aWduLmNvbS9TVlJTZWN1cmVHMy5jcmwwQwYDVR0gBDwwOjA4BgpghkgBhvhFAQc2 MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFA1EXBZTRMGC fh0gqyX0AWPYvnmlMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDov L29jc3AudmVyaXNpZ24uY29tMEAGCCsGAQUFBzAChjRodHRwOi8vU1ZSU2VjdXJl LUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2VyMA0GCSqGSIb3DQEB BQUAA4IBAQACFHrlIYFN6W86RTjP9Qx8iAtzWKrX+cOeMir6dhWlHRVOTEQR1Xwl yV/5RfmkEZBAQmjUKH3tCGdtbDtu1eDNKMdUfeVhzJ1eqwswMDeOVexR5vf/1bT7 BXluRkQbyE9Nb9VT2ULXAJM4C6BIme8MFSkW4zbK50xhciM2aYnLNKB+gmVvNdh4 Gtb9NGDGEmSNdoWkwIgXekRulT1ZDZYfkDfNArfSd9dFoFcDuGckgQc98n8Hamhx H3Lfdy4iv61y4LsLTQoMYw6dYIUv63rHZVC7WQZLSl8fKuJ1LOn5GPzwbeciOHFT 6vFLZtx7jDpFsqbjTSy++SzCOmYwWGZf -END CERTIFICATE-

Check CSR
Click on the following link to check the CSR: https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp

Example listing of SSL certs
root@ir1:/etc/ssl/certs# ls -l scholar.sun.ac.za.* -rw-r--r-- 1 root root 1864 2010-09-21 13:42 scholar.sun.ac.za.crt -rw-r--r-- 1 root root 749 2010-09-15 09:31 scholar.sun.ac.za.csr -rw-r--r-- 1 root root 245 2010-09-15 09:31 scholar.sun.ac.za.gendh -rw-r--r-- 1 root root 887 2010-09-15 09:31 scholar.sun.ac.za.key -rw-r--r-- 1 root root 1969 2010-09-15 09:31 scholar.sun.ac.za.pem -rw-r--r-- 1 root root 3957 2012-10-01 09:35 scholar.sun.ac.za.pkcs12 -rw-r--r-- 1 root root 512 2010-09-15 09:31 scholar.sun.ac.za.rand