Creating a Certificate


Copyright 2002, 2003 Andy Barclay
OpenContent License (OPL)

Getting a Certificate for open source Apache with mod_ssl
=========================================================
Assumptions
-----------
You want to purchase a 40 bit certificate for "www.unixpeople.com"

Pre-requisites
--------------
Install mod_ssl
Install Apache version 1.3.12 or later
Install OpenSSL 

Step 1. Generate a 1024 bit RSA private key
-------------------------------------------
$ openssl genrsa -des3 -rand /etc/hosts -out www.unixpeople.com.key 1024
{used "its cool" as the pass phrase}
*** BACKUP this file to a floppy AND record the pass phrase ***

Step 2. Generate a Certificate Request
--------------------------------------
$ openssl req -new -key www.unixpeople.com.key -out www.unixpeople.com.csr
{This shows what you will be prompted for and what answers you should give}
*****************
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Walnut Creek
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Unixpeople, Inc.
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.unixpeople.com
Email Address []:hostmaster@unixpeople.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []: 
*****************

ALTERNATE Step 3. - self-sign the certificate
---------------------------------------------
$ /opt/ssl/bin/openssl x509 -req -days 3650 -in www.unixpeople.com.csr \
        -signkey www.unixpeople.com.key -out www.unixpeople.com.crt
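
Before pasting the request into the CA's form or installing the certificate,
confirm that the key, the request and the certificate all contain the same
RSA public key. The script below is an added example, not part of the original
procedure; it assumes openssl is on the PATH, and the function names and the
unencrypted 2048-bit demo keys are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that key, CSR and certificate belong together.
# Function names are illustrative; the demo keys are constructed throwaways.

# Print a SHA-256 digest of the RSA modulus in a key (rsa), CSR (req)
# or certificate (x509). Fails if openssl cannot read the file.
modulus_digest() {
    m=$(openssl "$1" -noout -modulus -in "$2") || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if all three files carry the same modulus.
same_keypair() {
    k=$(modulus_digest rsa  "$1") || return 1
    r=$(modulus_digest req  "$2") || return 1
    c=$(modulus_digest x509 "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Build a matching key/CSR/self-signed cert plus an unrelated key in a
# temporary directory, then show both outcomes.
demo() {
    d=$(mktemp -d) || return 1
    h=www.unixpeople.com
    openssl genrsa -out "$d/$h.key" 2048 2>/dev/null
    openssl req -new -key "$d/$h.key" -out "$d/$h.csr" \
        -subj "/C=US/ST=California/CN=$h"
    openssl x509 -req -days 30 -in "$d/$h.csr" \
        -signkey "$d/$h.key" -out "$d/$h.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null

    same_keypair "$d/$h.key" "$d/$h.csr" "$d/$h.crt" &&
        echo "matching set: OK"
    same_keypair "$d/other.key" "$d/$h.csr" "$d/$h.crt" ||
        echo "unrelated key: mismatch detected"
    rm -rf "$d"
}
demo
```

With the pass-phrase-protected key from Step 1, openssl rsa asks for the pass
phrase when the key is read.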

Step 3. Apply for your new cert at http://www.thawte.com
--------------------------------------------------------
Page 1
++++++
	-Click on "SSL Certs"
	-Click on "Buy a Server Cert" {over on the right hand side}
	-Click on "Enroll for a SSL Cert" {about 1/2 way down the page}
	-Select "SSL Server Certificate" and click Next
	-Paste in the data from the certificate request file
	-Select the Webserver type from the pulldown list as "Apache+mod_ssl"
	-Choose payment type as "Credit Card - Real-time"
	-Click Next
Page 2
++++++
	-Select "Private (unlisted company)" from the pulldown under
	"description of company"
	-Put in "099997238" as the DUNS number
	-Enter the following information for Authorizing Contact Person
********
Full name: Joe Blow
Official title: Chief Information Officer
Telephone: 650 555 1212
E-mail address: jim@unixpeople.com
********
	-Enter the following information for Technical Contact/Webmaster
********
Full name: Jeff Black
Official title: Web Technology Specialist
Telephone: 650 555 1313
Email address: jblack@unixpeople.com
********
	-Click Next
Page 3
++++++
	-Enter your payment information, then click Next
	*** RECORD your Certificate Request Code ***

Step 4. Generate an authorization letter
----------------------------------------
	-Enter your Certificate Request Code at:
	https://www.thawte.com/cgi/server/letter.exe
	-Print the Authorization letter ON COMPANY LETTERHEAD
	-Have Roy sign the letter
	-Have the technical contact sign the letter

Step 5. Generate an output of the current "whois" information for unixpeople.com
---------------------------------------------------------------------------
	-Enter "unixpeople.com" at:
	http://www.networksolutions.com/cgi-bin/whois/whois
	-Print this page

Step 6. Get a photocopy of the first page of the Certificate of Incorporation
-----------------------------------------------------------------------------
	-This is available from the finance department

Step 7. Fax documentation to Thawte
-----------------------------------
	To:
		Thawte
	From: 
		Jeff Black
		Unixpeople Inc.
		650 555 1313
	Re:
		Documents Required pursuant to Cert. Request # USUNXI5

	Total Pages: 6 (including cover)

	Details:
		Pages 1 and 2 - Letter of Authorization
		Pages 3 and 4 - Whois output
		Page 5 - Certificate of Incorporation