Versions Compared

Old Version 29

changes.mady.by.user Simon Chang

Saved on

compared with

New Version 30

changes.mady.by.user Simon Chang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This guide also assumes the possibility that a site may initially opt for ACT-signed certificate, but later switch over to a third-party certificate.  This guide also uses a fictitious remote site called shrine.example.edu in all examples.

The first step is to generate a certificate signing request (CSR) using a private key, and to send that CSR to an SSL/TLS vendor.  This step can be performed using either openssl or keytool.  The vendor will in turn provide a certificate for the requested fully-qualified domain name (FQDN), and it may provide additional certificates for its root and intermediate CAs.  The remote site should work with the vendor to concatenate all certificates together into one file, such that it would be possible to trace the chain of trust from the endpoint certificate all the way back to the root CA.

...