Difference between revisions of "Obtaining a StartCom Murmur Certificate"

From Mumble Wiki
Jump to: navigation, search
Line 2: Line 2:
  
 
  wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
 
  wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
  openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr \
+
 
  -subj "/C=SE/ST=Stockholm/L=Stockholm/O=YourNameHere/OU=IT/CN=your.domain.here"
+
  $ openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr  
 +
Generating a 2048 bit RSA private key
 +
.........................................+++
 +
..+++
 +
writing new private key to 'mumble.key'
 +
  -----
 +
You are about to be asked to enter information that will be incorporated
 +
into your certificate request.
 +
What you are about to enter is what is called a Distinguished Name or a DN.
 +
There are quite a few fields but you can leave some blank
 +
For some fields there will be a default value,
 +
If you enter '.', the field will be left blank.
 +
-----
 +
Country Name (2 letter code) [GB]:
 +
State or Province Name (full name) [Berkshire]:
 +
Locality Name (eg, city) [Newbury]:
 +
Organization Name (eg, company) [My Company Ltd]:
 +
Organizational Unit Name (eg, section) []:
 +
Common Name (eg, your name or your server's hostname) []:
 +
Email Address []:
 +
Please enter the following 'extra' attributes
 +
to be sent with your certificate request
 +
A challenge password []:
 +
An optional company name []:
  
 
This will create server_mumble.csr.  
 
This will create server_mumble.csr.  

Revision as of 19:51, 20 January 2010

This is a quick hands-on guide for obtaining and installing a Class 1 server certificate in murmur on a reasonably modern Linux system.

wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
$ openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr 
Generating a 2048 bit RSA private key
.........................................+++
..+++
writing new private key to 'mumble.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []: 
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request 
A challenge password []:
An optional company name []:

This will create server_mumble.csr.

After authenticating to the StartSSL website (assuming you've already added your domain to StartSSL and verified it), click "Certificates Wizard", select "Web Server SSL/TLS Certificate" from the Certificate Target dropdown box, and click "Continue".

Skip the key generation step because we've already generated a key using OpenSSL above. You will now have a text area were you can paste the contents of server_mumble.csr. Paste the contents of server_mumble.csr and click "Continue".

After the certificate is generated the contents of the textarea should be placed in a new file, ssl_mumble.crt.

cat sub.class1.server.ca.pem >> ssl_mumble_concat.crt
cat ssl_mumble.crt >> ssl_mumble_concat.crt

Now the file ssl_mumble_concat.crt contains the certificate, and mumble.key contains the key. Move the files into the same folder as murmur.ini and edit the following two lines:

sslCert=ssl_mumble_concat.crt
sslKey=mumble.key

Restart murmur and you're done.