Difference between revisions of "Obtaining a StartCom Murmur Certificate"
Line 2: | Line 2: | ||
wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem | wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem | ||
− | openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr | + | |
− | - | + | $ openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr |
+ | Generating a 2048 bit RSA private key | ||
+ | .........................................+++ | ||
+ | ..+++ | ||
+ | writing new private key to 'mumble.key' | ||
+ | ----- | ||
+ | You are about to be asked to enter information that will be incorporated | ||
+ | into your certificate request. | ||
+ | What you are about to enter is what is called a Distinguished Name or a DN. | ||
+ | There are quite a few fields but you can leave some blank | ||
+ | For some fields there will be a default value, | ||
+ | If you enter '.', the field will be left blank. | ||
+ | ----- | ||
+ | Country Name (2 letter code) [GB]: | ||
+ | State or Province Name (full name) [Berkshire]: | ||
+ | Locality Name (eg, city) [Newbury]: | ||
+ | Organization Name (eg, company) [My Company Ltd]: | ||
+ | Organizational Unit Name (eg, section) []: | ||
+ | Common Name (eg, your name or your server's hostname) []: | ||
+ | Email Address []: | ||
+ | Please enter the following 'extra' attributes | ||
+ | to be sent with your certificate request | ||
+ | A challenge password []: | ||
+ | An optional company name []: | ||
This will create server_mumble.csr. | This will create server_mumble.csr. |
Revision as of 19:51, 20 January 2010
This is a quick hands-on guide for obtaining and installing a Class 1 server certificate in murmur on a reasonably modern Linux system.
wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
$ openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr Generating a 2048 bit RSA private key .........................................+++ ..+++ writing new private key to 'mumble.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]: Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
This will create server_mumble.csr.
After authenticating to the StartSSL website (assuming you've already added your domain to StartSSL and verified it), click "Certificates Wizard", select "Web Server SSL/TLS Certificate" from the Certificate Target dropdown box, and click "Continue".
Skip the key generation step because we've already generated a key using OpenSSL above. You will now have a text area were you can paste the contents of server_mumble.csr. Paste the contents of server_mumble.csr and click "Continue".
After the certificate is generated the contents of the textarea should be placed in a new file, ssl_mumble.crt.
cat sub.class1.server.ca.pem >> ssl_mumble_concat.crt cat ssl_mumble.crt >> ssl_mumble_concat.crt
Now the file ssl_mumble_concat.crt contains the certificate, and mumble.key contains the key. Move the files into the same folder as murmur.ini and edit the following two lines:
sslCert=ssl_mumble_concat.crt sslKey=mumble.key
Restart murmur and you're done.