getting a godaddy cert using certtool


From: Simon Josefsson
Subject: getting a godaddy cert using certtool
Date: Mon, 11 Jan 2010 10:59:02 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

There have been some questions about getting certificates from commercial
CAs using GnuTLS tools.  I just bought a cert from godaddy and it worked
fine.  I was using certtool and thought I'd share the steps I used.  I
used GnuTLS 2.8.5 as packaged in Debian.

$ certtool -p --outfile api2.yubico.com-key.pem
Generating a 2048 bit RSA private key...
$
$ certtool --generate-request --load-privkey api2.yubico.com-key.pem 
Generating a PKCS #10 certificate request...
Country name (2 chars): SE
Organization name: Yubico AB
Organizational unit name: 
Locality name: 
State or province name: 
Common name: api2.yubico.com
UID: 
Enter a dnsName of the subject of the certificate: api2.yubico.com
Enter a dnsName of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 74.207.251.59
Enter the e-mail of the subject of the certificate: 
Enter a challenge password: 
Does the certificate belong to an authority? (y/N): n
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): y
Will the certificate be used for encryption (RSA ciphersuites)? (y/N): y
Is this a TLS web client certificate? (y/N): n
Is this also a TLS web server certificate? (y/N): y
PKCS #10 Certificate Request Information:
...

I cut'n'pasted the CSR printed in '...' above to Godaddy, and verified
the domain ownership through their e-mail ping, and I was then able to
download a ZIP file containing the certificate.

There are some things I note in the certificate I got though:

                Key Purpose (not critical):
                        TLS WWW Server.
                        TLS WWW Client.

This is even though I didn't ask for a WWW client cert!

                Key Usage (critical):
                        Digital signature.
                        Key encipherment.

This seems right.

                Subject Alternative Name (not critical):
                        DNSname: api2.yubico.com
                        DNSname: www.api2.yubico.com

They added a 'www.api2.yubico.com' name although I didn't ask for it.

Note that they dropped the IP address SAN that I supplied.

/Simon
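
The differences noted in the message (an extra key purpose, an extra dnsName, a dropped IP address SAN) can be listed mechanically. The script below is an added example, not part of the message or of GnuTLS: it parses certificate text in the layout quoted above and compares it with what was entered at the CSR prompts. The item notation (purpose:, dns:, ip:), the function names and the "IPAddress:" label for an IP SAN are assumptions of this example.

```sh
#!/bin/sh
# Added example: list what a CA added to or dropped from a request, by
# parsing the extension text that `certtool -i` prints for the certificate.

# What was asked for at the CSR prompts in the message, in a notation made
# up for this example: purpose:<name>, dns:<name>, ip:<address>.
REQUESTED='purpose:TLS WWW Server
dns:api2.yubico.com
ip:74.207.251.59'

# Constructed sample: the three extension excerpts quoted in the message.
ISSUED_TEXT='
                Key Purpose (not critical):
                        TLS WWW Server.
                        TLS WWW Client.
                Key Usage (critical):
                        Digital signature.
                        Key encipherment.
                Subject Alternative Name (not critical):
                        DNSname: api2.yubico.com
                        DNSname: www.api2.yubico.com
'

# Read certtool text on stdin, print one normalized item per line.
# Assumption: an IP SAN is printed with the label "IPAddress:".
extract_issued() {
  awk '
    /^[ \t]*Key Purpose/              { sect = "purpose"; next }
    /^[ \t]*Subject Alternative Name/ { sect = "san"; next }
    /\):[ \t]*$/                      { sect = ""; next }  # other extension
    {
      line = $0
      gsub(/^[ \t]+|[ \t]+$/, "", line)
      if (line == "") next
      if (sect == "purpose") { sub(/\.$/, "", line); print "purpose:" line }
      else if (sect == "san" && line ~ /^DNSname: /)   print "dns:" substr(line, 10)
      else if (sect == "san" && line ~ /^IPAddress: /) print "ip:" substr(line, 12)
    }'
}

# compare_request REQUESTED ISSUED_TEXT -> "ADDED <item>" / "DROPPED <item>"
compare_request() {
  _req=$(printf '%s\n' "$1" | sort -u)
  _iss=$(printf '%s\n' "$2" | extract_issued | sort -u)
  printf '%s\n' "$_iss" | grep -Fxv -e "$_req" | sed -n 's/^./ADDED &/p'
  printf '%s\n' "$_req" | grep -Fxv -e "$_iss" | sed -n 's/^./DROPPED &/p'
}

compare_request "$REQUESTED" "$ISSUED_TEXT"
```

To check a real certificate, pass the output of `certtool -i --infile` on the issued file as the second argument in place of the sample.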



