This page explains how to obtain an OpenSSL certificate. For instructions on applying the certificate files in MAPS, see HTTP and HTTPS File Server. Users should have a good working knowledge of web security before using the information on this page.

This tutorial uses OpenSSL, a commercial grade, open source implementation of SSL/TLS. Please refer to their documentation for installation instructions. Obtaining an SSL certificate requires the use of OpenSSL. If you have not installed OpenSSL, please do so before continuing. For the purposes of this guide we will assume that OpenSSL was installed in the default location (C:\OpenSSL).

This document provides an overview of obtaining an SSL Certificate for use with MAPS through several different processes. The first section details how to obtain a new SSL Certificate from a Certificate Authority, while the later section explains how to extract a certificate from an existing web server, IIS in our example, and convert it to a format compatible with MAPS.

Obtaining an SSL Certificate is a three-step process. First, we will need to create a private key. Next, we will use the private key and OpenSSL to generate a Certificate Request. And, finally, we will request a new certificate from a Certificate Authority. You can also generate a self-signed certificate for testing purposes, however for security reasons a self-signed certificate should never be used in a production environment.

Generating a new private key is a simple task using OpenSSL. Open a Windows Command Prompt (Start -> Run -> 'cmd') and navigate to the working directory of your choice. From this location enter the following command to generate the key:

    C:\OpenSSL\bin\openssl genrsa -out MyPrivateKey.key 2048

Note that we have elected to generate a private key without password protection. The use of password-protected keys is not supported by MAPS. A password-protected key would require the password to be entered every time the MAPS HTTPS server accesses the certificate. Your private key should be stored in a secure location and never distributed to any other party. Messages encoded using your public key can only be decrypted using your private key. For more information on public-key cryptography, refer to cryptography. Please refer to the OpenSSL documentation for more information about generating keys with OpenSSL.

Creating a Certificate Request

Creating a certificate request is another simple task using OpenSSL. Open a Windows Command Prompt (Start -> Run -> 'cmd') and navigate to the working directory of your choice (preferably the directory containing MyPrivateKey.key). From this location, enter the following command to generate the Certificate Request:

    C:\OpenSSL\bin\openssl req -new -key MyPrivateKey.key -out MyCertificate.csr

During the process of generating the certificate request, you will be required to answer a series of questions about your certificate. The Common Name field must exactly match the domain/host you wish to protect.

    State or Province Name (full name) : California
    Organization Name (eg, company) : The Widget Company
    Common Name (eg, YOUR name) :
    Email Address :
    enter the following 'extra' attributes
    An optional company name : The Widget Company

When complete you will have a Certificate Request file (.csr) that you can use to obtain a certificate from a Certificate Authority. Please refer to the OpenSSL documentation for more information about generating Certificate Requests.

Requesting a Certificate from a Certificate Authority

The final step in obtaining your SSL Certificate is requesting it from a Certificate Authority using the Certificate Request you created in the previous step. There are a wide variety of Certificate Authorities on the web, many of which will provide you with a trial certificate for free. Listed below are a few Certificate Authorities that you may wish to evaluate.

Follow the directions provided by the Certificate Authority of your choice to complete your request and obtain your certificate. Once you've obtained your certificate, return to the section Enabling HTTPS on your MAP Server.

OpenSSL can be used to generate a self-signed certificate for testing purposes. A self-signed certificate should never be used in a production environment. The certificate will not be validated by Internet Explorer or any other SSL capable web browser, leaving the connection susceptible to third party attacks, such as “man-in-the-middle” attacks. Production environments should only use certificates obtained from a respected Certificate Authority, such as those mentioned in the previous section.
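A pre-submission check for the key and Certificate Request produced by the two commands on this page, as an added example that is not part of the original page: it confirms the request's self-signature, that the Common Name is the host you mean to protect, that the key is at least 2048 bits, and that the request was made from your private key. It assumes a POSIX shell with `openssl` on the PATH rather than `C:\OpenSSL\bin` in a Command Prompt; the function names and the host `maps.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a CSR before sending it to a Certificate Authority.
# Assumes openssl is on PATH; host name and demo directory are constructed.

# Print the Common Name stored in a CSR.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print the public key size (bits) recorded in a CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the CSR carries the public half of the given private key.
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# Full check. usage: check_csr <csr> <key> <expected-host>
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature does not verify"; return 1; }
    [ "$(csr_common_name "$1")" = "$3" ] ||
        { echo "FAIL: Common Name is not $3"; return 1; }
    [ "$(csr_key_bits "$1")" -ge 2048 ] ||
        { echo "FAIL: key is smaller than 2048 bits"; return 1; }
    csr_matches_key "$1" "$2" ||
        { echo "FAIL: CSR was not made from this private key"; return 1; }
    echo "OK: CSR is ready to submit for $3"
}

# Constructed demo in a throwaway directory.
demo_dir=$(mktemp -d)
(
    umask 077   # the key has no password, so keep the file owner-only
    openssl genrsa -out "$demo_dir/MyPrivateKey.key" 2048 2>/dev/null
)
openssl req -new -key "$demo_dir/MyPrivateKey.key" \
    -out "$demo_dir/MyCertificate.csr" \
    -subj "/ST=California/O=The Widget Company/CN=maps.example.test"
check_csr "$demo_dir/MyCertificate.csr" "$demo_dir/MyPrivateKey.key" maps.example.test
```

The key comparison applies equally to the certificate the Certificate Authority returns: `openssl x509 -in <cert> -noout -pubkey` should print the same public key as the private key you kept.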