Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: tspoon1986 on March 16, 2010, 01:57:37 AM

Title: Installing Certificate from ipsCA on SME
Post by: tspoon1986 on March 16, 2010, 01:57:37 AM: Hi,

I'm after a bit of advice in regards to installing a certificate from a third party on SME Server. I don't know a whole heap about certificates, so I'm learning as I go.

Currently we use the default self-signed certificate, but I'd like to get a proper commercial one. The company http://certs.ipsca.com/ (http://certs.ipsca.com/) provides certificates for free to educational institutions (like ours).

Having read the info that I can find about certificates on SME, it seems I need the .crt and .key files from ipsCA and I need to place them in /home/e-smith, and run the

Code: [Select]
config setprop modSSL crt /home/e-smith/ssl.crt/{domain}.crt config setprop modSSL key /home/e-smith/ssl.key/{domain}.key
commands. Seems straightforward.

However, ipsCA requires that I submit a Certificate Request before I get a certificate from them. They have instructions for how to do this on other platforms, for example, Red Hat: http://certs.ipsca.com/Support/CSRRedHatLinux.asp (http://certs.ipsca.com/Support/CSRRedHatLinux.asp)

I notice openssl is installed on SME. Is the above process written for Red Hat likely to work for SME, or will it be different for different platforms?

In addition, ipsCA states that I need to install two additional certificates for "correct SSL connections" to be made. http://certs.ipsca.com/Support/SSLServerSUPPORT.asp (http://certs.ipsca.com/Support/SSLServerSUPPORT.asp) Is it necessary or even possible to install these additional certificates for SME?

I realise these enquiries are really outside the bounds of Contribs.org's responsibility, but if anyone's willing to offer me advice anyway I'd really appreciate it!

Thanks,
tspoon1986.
Title: Re: Installing Certificate from ipsCA on SME
Post by: crazybob on March 16, 2010, 02:42:51 AM: Have a look at http://wiki.contribs.org/Custom_CA_Certificate (http://wiki.contribs.org/Custom_CA_Certificate). It has a script for generating the cert request.
Title: Re: Installing Certificate from ipsCA on SME
Post by: tspoon1986 on March 18, 2010, 11:42:29 PM: Thanks crazybob, wasn't sure if that would apply because it was written for a different certificate provider. I'll give it a go.