Changes between Initial Version and Version 1 of maintain/SSL

Timestamp:

01/30/13 12:00:07 (11 years ago)

Author:

slavazanko

Comment:

--

maintain/SSL

@@ +1 @@
+= How to re-sign the certificate =
+See http://www.midnight-commander.org/ticket/2578 for details.
+
+If you want to create new private key, run:
+{{{
+openssl  genrsa -out midnight-commander.org.key 2048
+}}}
+
+If you want just re-sign certificate, get the private key from m-c.o server (placed by path /etc/ssl/midnight-commander.org.key) and run the command:
+{{{
+DOMAIN_NAME="www.midnight-commander.org"
+
+expect -c '
+set timeout -1
+spawn openssl req -new -key midnight-commander.org.key -out midnight-commander.org.csr
+match_max 100000
+expect "Country Name"
+send -- "MC\r"
+expect "State or Province Name"
+send -- "'${DOMAIN_NAME}'\r"
+expect "Locality Name"
+send -- "'${DOMAIN_NAME}'\r"
+expect "Organization Name"
+send -- "'${DOMAIN_NAME}'\r"
+expect "Organizational Unit Name"
+send -- "'${DOMAIN_NAME}'\r"
+expect "Common Name"
+send -- "'${DOMAIN_NAME}'\r"
+expect "Email Address"
+send -- "\r"
+expect "A challenge password"
+send -- "\r"
+expect "An optional company name"
+send -- "\r"
+expect eof
+'
+}}}
+
+If you don't have an expect utility, you may manually run the command:
+{{{
+openssl req -new -key midnight-commander.org.key -out midnight-commander.org.csr
+}}}
+
+And fill all fields as it provided in script.
+
+After this, register or login to https://www.startssl.com, validate (if needed) m-c.o domain and run 'Certufucates Wizard' tab on webpage. Skip generation of private key and insert content of midnight-commander.org.csr file to the textarea on webpage. Next, press 'Continue' button and copy content of textarea to midnight-commander.org.crt file. Copy midnight-commander.org.crt file to /etc/ssl/midnight-commander.org.crt file on m-c.o server. Log in to m-c.o server via ssh and run:
+{{{
+sudo su -
+/etc/init.d/nginx restart
+}}}
+
+
+That's all.