[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 35/156: Add short example of how to use certutil to generate a certificate request suitable for submission to a 3rd party CA such as Verisign.

Timo Aaltonen tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:25 UTC 2014 

This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit 800a72acfa0c9c5aaff37305cec1f1a038660074
Author: rcritten <>
Date:   Thu Sep 8 14:03:23 2005 +0000

    Add short example of how to use certutil to generate a certificate
    request suitable for submission to a 3rd party CA such as Verisign.
---
 README | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/README b/README
index ce6736d..2c2d946 100644
--- a/README
+++ b/README
@@ -74,3 +74,40 @@ automatically when the server starts.
 DOCUMENTATION
 
  See docs/mod_nss.html for additional information.
+
+ For NSS documentation, see http://www.mozilla.org/projects/security/pki/nss/
+
+REQUESTING A CERTIFICATE
+
+ The NSS command-line tools may be used to generate a certificate request
+ suitable for submission to a local CA or a commerical CA like Verisign,
+ and install the issued certificate into your local database. A sample
+ request may look something like this. This assumes that your certificate
+ database directory (NSSCertificateDatabase) is set to /opt/fortitude/alias
+
+ Step 1 Create the database. This assumes you want your certificate database
+        in /etc/httpd/alias
+
+ % cd /etc/httpd
+ % mkdir alias
+ % cd alias
+ % certutil -N -d .
+
+ Step 2 Generate a PKCS#10 certificate request
+
+ % certutil -R -d . -s "CN=test.example.com, O=Example, c=US" -o certreq.txt -a
+
+ The file certreq.txt contains an ASCII representation of the certificate
+ request and may be submitted to a CA for approval.
+
+ Step 3 The CA has issued your certificate. In this example, you have the
+        PKCS#7 (ASCII) copy in the file cert.txt. You have a copy of the CA
+        certificate chain in ca.txt.
+
+ % certutil -A -d . -n Server-Cert -t "u,u,u" -a < cert.txt 
+ % certutil -A -d . -n "My CA" -t "CTu,CTu,CTu" -a < ca.txt 
+
+ Step 4 Verify that the certificate and CA are installed correctly
+
+ % certutil -V -u V -d . -n Server-Cert
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git

More information about the Pkg-fedora-ds-maintainers mailing list