PKI Tutorials - Herong's Tutorial Examples - Version 2.10, by Dr. Herong Yang
Requesting and Signing Server Certificate
This section describes basic steps of issuing (requesting and signing) server certificates. A Class 1 server certificate only contains the server's domain name.
If you are interested in server certificate, here are basic steps of issuing a server certificate:
1. The webmaster of the Web server who wants to get a server certificate needs use a tool to generate a private-public key pair.
2. The webmaster then needs to generate a CSR (Certificate Signing Request), which includes the server's public key and identity information, like domain name, contact person, etc.
3. The root CA or intermediate CA needs to verify the server's identity.
4. The CA issues a server certificate which includes the server's verified identity information.
The picture below shows you 4 basic steps of issuing a server certificate:
Certificates are usually classified based how much identity information is verified by the CA. For example, if only the server's domain name is verified, then a Class 1 server certificate will be issued.
Performing steps listed above is very similar to perform steps of issuing a personal certificate illustrated in previous sections. I will not repeat it them here.
Last update: 2011.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Windows Certificate Stores and Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
►PKI CA Administration - Issuing Certificates
Requesting and Signing Personal Certificate
Generating a Private-Public Key Pair for Amy
Generating a CSR (Certificate Signing Request)
Verifying Requester's Email Address
Exporting a Private Key from a KeyStore File
Signing a CSR into a Certificate
Importing Certificate Reply Back to KeyStore
"bad decrypt:./crypto/evp/evp_enc.c:461" Error
►Requesting and Signing Server Certificate
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3