xca is a GUI program for managing certificates and keys, and it does the job nicely. Whether you are operating your own little certifying authority or obtaining certificates from recognized public authorities, it's helpful to keep copies in the xca database.
Linux server programs specify certificates in their configuration files using pathnames to the actual files. Once you figure out your naming conventions, it is quite easy to export files from xca and copy them to the proper file system locations, swapping out expiring certificates for their replacements. Restart the service and the new certificate is in operation.
I find dealing with a Microsoft Windows server quite confusing. The menu choices never seem to match what I am doing. One key point: the server wants the key and the certificate to be bundled into one file. This is the PKCS #12 format. .p12 is commonly used for the file extension, but Microsoft prefers .pfx. Once you manage to navigate the menus to where the server wants your .pfx file, you'll be able to install the certificate.
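The same key-plus-certificate bundle can be produced and checked with the openssl command line. The script below is an added example, not part of the original post: it refuses to build the .pfx unless the private key matches the certificate and the certificate is not about to expire. The file names, the `PFX_PASS` variable and the 7-day threshold are assumptions, and the sample key pair is generated on the spot.

```shell
#!/bin/sh
# Added example: pre-deployment checks, then PKCS #12 bundling with openssl.
# File names, PFX_PASS and the 7-day threshold are assumptions for this sketch.

# Succeeds only if the certificate's public key matches the private key.
cert_matches_key() {   # cert_matches_key cert.pem key.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {   # cert_valid_for_days cert.pem days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Bundle cert + key into a .pfx. The password is read from $PFX_PASS so it
# never appears on the command line (and so not in the process list).
make_pfx() {   # make_pfx cert.pem key.pem out.pfx
    cert_matches_key "$1" "$2" || { echo "key does not match $1" >&2; return 1; }
    cert_valid_for_days "$1" 7 || { echo "$1 expires within 7 days" >&2; return 1; }
    ( umask 077   # the bundle contains the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
          -passout env:PFX_PASS ) || return 1
    # Read the bundle back to confirm it parses and the password works.
    openssl pkcs12 -in "$3" -passin env:PFX_PASS -noout 2>/dev/null
}

# Constructed sample input: a throwaway self-signed pair in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
        -keyout "$d/srv.key" -out "$d/srv.crt" 2>/dev/null || return 1
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null || return 1
    export PFX_PASS="constructed-demo-password"
    make_pfx "$d/srv.crt" "$d/srv.key" "$d/srv.pfx" && echo "bundle ok"
    make_pfx "$d/srv.crt" "$d/other.key" "$d/bad.pfx" || echo "mismatch rejected"
    rm -rf "$d"
}
demo
```

The two checks are just as useful before copying exported files into place on a Linux server, since a mismatched key usually only shows up when the service fails to restart.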
A fine source for certificates is https://www.startssl.com/
When you set up your account, they will install a certificate in your browser. There is no password to remember and logging in to the site is painless. If you need more than one identity, make sure your browser is configured to let you choose which certificate to present. My main gripe with the site is that the workflows all use a "wizard" approach, but with no capability to backtrack. This avoids complex forms, but can be quite frustrating when you're following the wrong flow and need to abandon your inputs and start over.