Join Sean Colins for an in-depth discussion in this video, Setting up a secure website, part of Understanding Secure Sockets Layer.
- In this movie I'm going to show you how to get your certificate that we created in the previous movie signed by your certificate authority, which we created several movies ago. So let's go ahead and get started with that. Couple of housekeeping notes before we get started. Remember, if you are skipping around, that there is a lot of sequential nature to this chapter, so skipping around is not recommended, but we are, as I said in a previous movie, we are in a sudo session, so I have typed sudo -s and entered the password so we can issue all these commands as root, 'cause that's necessary, and we are gonna move forward from here.
Also, just really quickly, if you ever wonder where you are, print working directory, pwd, will tell you exactly where you are, and you need to be inside of that groundswell directory that we created before, because otherwise these commands won't be able to place things into the folders that we're calling out. I'm going to type clear just so we can get back to a nice, clean, empty slate here. So, I'm going to type this in with the magic of command-v; I typed this earlier and I'm pasting it in here to save time. So we're using the openssl command and the ca, or certificate authority, verb, and we're telling it we're going to use a policy that is policy_anything, kind of anything goes. We're not going to be super strict about matching of fields and we're going to allow not entering things like email addresses, et cetera; anything that's optional basically can not be in a field and it will be fine, it won't error out.
We're going to put out the result into our certs folder, and of course our certs folder is inside of that groundswell folder, and that's why it's really important to make sure that we have cd'd into that groundswell folder; that's why I ran print working directory just a moment ago. We're going to put out a file called groundswell.pem; that's going to be the name of our certificate file whenever we're done, and we will be going into the certs folder in order to get it when we are done, so that's important and it's good to know where it is.
The in is from the req folder and inside of the req folder, right now actually, and I will go there and show it to you there is a file called groundswell.req and that's why we're calling this out, we're telling OpenSSL CA that that's where it's going to go to find the CSR or the certificate signing request. So I'm going to show you that right now, we're going to go and we're going to Go to Folder and go directly into groundswell, you can see here I'm holding down the command key on my Mac keyboard and in the menu bar you can see the entire pathway to a folder, pretty nifty.
And inside of there you can see I've got my req folder that we created, and there's the groundswell.req file. Whatever is there you need to put in here; it's really important that those things are spelled exactly identically and that they are where they're supposed to be. I'm now going to hit the return key, and it tells us that it's using the configuration from the openssl.cnf file, that's the one we edited in movie one, and we created a passphrase, you'll recall, on our cakey.pem file, so I'm simply going to type in that passphrase and hit return, and it gives us all of the serial number information, it gives us all of our country name, all of this; remember that we've entered all of this information earlier. And it's asking us if we want to certify this; it's saying it's going to be certified until this date, it tells us how many days off into the future that is, and do we want to sign the certificate.
And we type a y and hit return and it tells us that one out of one certificate requests are certified, do we want to commit this change and yes and return. Writes out the database with one new entry, the database is updated and we're good. So if we go back into the finder here and we go to the folder, what we will see is in certs we have our groundswell.pem file, it's the resulting file from all of this madness we've gone through, is to get this pem file.
In our next movie we're going to show you how to configure the Apache service on a standard system to utilize the certificate that we just created.
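The signing step narrated above, as an added example that is not part of the course material: it builds a throwaway CA in a temporary directory, creates a CSR, signs it with `openssl ca -policy policy_anything`, and verifies the result against the CA certificate. The minimal openssl.cnf, the passphrase-less CA key, the subject names and the use of `-batch` (which answers the two y/n prompts) are assumptions; only the groundswell folder layout and file names follow the narration.

```bash
# Added example (constructed; not the course's files or commands).
# Assumptions: throwaway CA with no key passphrase, a minimal stand-in
# openssl.cnf, and made-up subject names. -batch answers both y/n prompts.
sign_csr_demo() {
  local rc work; work=$(mktemp -d) || return 1
  (
    mkdir -p "$work/groundswell" && cd "$work/groundswell" &&
    mkdir certs req private newcerts && : > index.txt && echo 01 > serial &&
    cat > openssl.cnf <<'EOF' &&
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    { # 1) CA key + self-signed CA cert, 2) server key + CSR, 3) sign, 4) verify
      openssl req -x509 -newkey rsa:2048 -nodes -days 730 -config openssl.cnf \
        -subj "/CN=Demo Root CA" -keyout private/cakey.pem -out cacert.pem &&
      openssl req -new -newkey rsa:2048 -nodes -config openssl.cnf \
        -subj "/CN=www.example.test" -keyout private/groundswell.key -out req/groundswell.req &&
      openssl ca -batch -config openssl.cnf -policy policy_anything \
        -out certs/groundswell.pem -in req/groundswell.req &&
      openssl verify -CAfile cacert.pem certs/groundswell.pem
    } >/dev/null 2>&1 &&
    cut -f1 index.txt   # status column of the one new database entry: V = valid
  )
  rc=$?; rm -rf "$work"; return "$rc"
}
```

Calling `sign_csr_demo` prints the status letter of the entry that `openssl ca` wrote to index.txt and returns non-zero if any step, including the final `openssl verify`, fails.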
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.