以下是内容,不晓得是什么意思,好像是SSL之类的东西,麻烦大家帮忙翻译一下哈,多谢了Hi ,Do you know how to generate the CSR from your apache , They want to buy a SSL for system . Please generate the CSR from your web server to processThanks
解决方案 »
- getHibernateTemplate() 为空 怎么处理?
- servlet 中获取输出的 html
- struts1的问题。。
- javascript,为何你会一直让我头疼.....有成功案例的贤者请进...
- 在同一个tomcat服务器中的两个不同应用,想在一个应用的jsp文件中调用另一个应用的jsp文件并传递一个参数过去(只是执行一下该文件,而在客户端显示的还是调用他的那个jsp文件的内同)。请问怎么做好?
- 公司要建网站,在这里向大家咨询一些问题
- hibernate 表的关系
- 请问如何只让在浏览器地栏输入http://local:8080/test/login_init.do有效,而屏蔽系统中其他的....x.do
- 一个简单的问题,大家帮帮我啊,我是个弱手啊!
- 在SERVLET中用response.sendRedirect("http://127.0.0.1:8080/Register_per_key.jsp?username="+mobile+"");指向一个网页为什么出现乱码�
- Acegi 1.0.4配置问题。有个地方总是显示错误,可我是新手,看不出来…………
- 关于eclipse的问题,非常奇妙
General CSR Creation Guidelines
Before you can order your SSL Certificate, you must first generate a CSR (Certificate Signing Request) on your server. A CSR is an encrypted body of text. Your CSR will contain encoded information specific to your company and domain name; this information is known as a Distinguished Name or DN.
In the DN for most servers are the following fields: Country, State (or Province), Locality (or City), Organization, Organizational Unit, and Common Name. Please note: * The Country is a two-digit code -- for the United States, it's 'US'. For countries outside of the United States, see our listing of SSL Certificate Country Codes.
* State and Locality are full names, i.e. 'California', 'Los Angeles'.
* The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.
* The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, eting, etc.
* The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate.Please note: Unless you are purchasing a WildCard Certificate, your certificate is only good for the exact domain you list, and additional subdomains will not be secured. For example, if you register www.digicert.com, then subdomains like sales.digicert.com, secure.digicert.com, and members.digicert.com will NOT be secure. If you want to secure a specific subdomain, enter the entire Fully Qualified Domain Name as your Common Name.
If you are generating a CSR for a Wildcard Certificate your common name must start with *. (for example: *.digicert.com). The wildcard character (*) will be able to assume any name that does not have a "dot" character in it.
Complete these steps in order to generate a CSR and submit the CSR to the third-party CA:Install and open the OpenSSL application.In Windows, by default, openssl.exe is located at c:\openssl\bin.Issue this command:OpenSSL>req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem
After you issue the command, there is a prompt for some information: country name, state, city, and so on.Provide the required information.The most important information that you need to provide correctly is the Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name actually exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect.Note: The DNS host name must be entered in the WLC under Interfaces > Edit for the virtual interface. This is used to verify the source of certificates when Web Auth is enabled. Reboot the controller to have this change take effect. After you provide all the required details, you end up with two files:a new private key that has the name mykey.pem a CSR that has the name myreq.pemThese files are stored in the default directory where OpenSSL is installed (c:\openssl\bin, in this case). The file myreq.pem is the file that contains the CSR information. This information must be submitted to the third-party CA so that the third-party CA can generate a digital certificate. Here is example command output when you issue this command with the use of the OpenSSL application:OpenSSL>req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
................................................................++++++
...................................................++++++
writing new private key to 'mykey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:San Jose
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC
Organizational Unit Name (eg, section) []:CDE
Common Name (eg, YOUR name) []:XYZ.ABC
Email Address []:[email protected] enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Test123
An optional company name []:
OpenSSL>Note: Remember the challenge password and preserve the key file. Most likely, you will need the password when you import the digitally signed certificate that the third-party CA sends (unless the third-party CA sends a new password along with the digital certificate that it generates for you or your organization).Now that your CSR is ready, copy and paste the CSR information into any CA enrollment tool.In order to copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters. Cisco recommends that you use Microsoft Notepad or UNIX vi. Refer to the website of the third-party CA for more information on how to submit the CSR through the enrollment tool. After you submit the CSR to the third-party CA, the third-party CA digitally signs the certificate and sends back the signed certificate via e-mail. Copy the signed certificate information that you receive back from the CA into a file.This example names the file CA.pem.Combine the CA.pem certificate with the private key, and then convert the file to a .pem file.Issue this command in the OpenSSL application:openssl>pkcs12 -export -in CA.pem -inkey mykey.pem -out CA.p12 -clcerts
-passin pass:check123 -passout pass:check123!--- This command should be on one line.openssl>pkcs12 -in CA.p12 -out final.pem -passin pass:check123 -passout pass:check123
你知道如何生成你Apache的证书签约请求(Certificate Signing Request)吗?
他们要为系统买个安全套接字层(Secure Socket Layer)。
请在你的网络服务器生成CSR以供处理http://www.geotrust.com/resources/csr/apache2.htm