From 850ed42093191e15c1a93c2ddc29cec3c7bbec0f Mon Sep 17 00:00:00 2001 From: Phil Young Date: Thu, 14 Mar 2024 17:06:00 +0000 Subject: [PATCH 1/7] Add instructions to generate a CSR This helps custom generated CSRs --- source/domains/ssl/generating_csrs.md | 58 +++++++++++++++++++++++++++ source/domains/ssl/index.rst | 1 + 2 files changed, 59 insertions(+) create mode 100644 source/domains/ssl/generating_csrs.md diff --git a/source/domains/ssl/generating_csrs.md b/source/domains/ssl/generating_csrs.md new file mode 100644 index 000000000..5e1934197 --- /dev/null +++ b/source/domains/ssl/generating_csrs.md 
@@ -0,0 +1,58 @@ +# How to Generate a CSR File + +```eval_rst + .. title:: SSL | Generating a CSR + .. meta:: + :title: SSL | Generating a CSR | ANS Documentation + :description: Generating a CSR +``` +This guide will help you generate a Certificate Signing Request (CSR) on different operating systems. + +## Pre-requisite reading + +On SSL certificates that protect a single hostname/domain, your primary hostname is the hostname/domain you have chosen. + +For multidoman SSL certificates, the primary hostname is the first hostname that +is listed on your SSL certificate inside [ANS Glass](https://portal.ans.co.uk/ssl/index.php). + +You should also ensure to make sure your key and CSR are in a safe folder, as you'll need the the key +to install the SSL certificate and the CSR to generate your SSL Certificate. + +## Generate a CSR on Linux + +First, check if OpenSSL is installed: + +```shell +openssl version +``` + +If OpenSSL is not installed, you will see an error message. In that case, install OpenSSL: + +#### Ubuntu + +```shell +sudo apt install openssl +``` + +#### RHEL/AlmaLinux + +```shell +sudo yum install openssl +``` + +Now you can generate the CSR. You need to replace `yourhostname` with your primary hostname (Common Name) +that the SSL will protect. + +```shell +openssl req -new -newkey rsa:2048 -nodes -keyout /path/to/yourhostname.key -out /path/to/yourhostname.csr +``` + +## Generate a CSR on Windows + +1. Open `IIS Manager`. +1. Select the server in the `Connections` pane. +1. Double-click the `Server Certificates` icon. +1. Click the `Create Certificate Request` link in the Actions pane. +1. Fill out the `Distinguished Name Properties` form with the required information (`Common Name` (primary hostname), `Organization`, `City/locality`, `State/province`, `Country/region`). +1. Set the `Cryptographic Service Provider Properties` (Microsoft RSA SChannel Cryptographic Provider and a bit length of 2048). +1. 
Create a file name for your CSR and click the Finish button. diff --git a/source/domains/ssl/index.rst b/source/domains/ssl/index.rst index 0041a8a44..d8fc17e42 100644 --- a/source/domains/ssl/index.rst +++ b/source/domains/ssl/index.rst @@ -6,6 +6,7 @@ SSL Certificates :maxdepth: 1 Purchasing and Renewing + Generating A CSR (Certificate Sigining Request) Validating your Certificate UKFast SSL Types Self Signed Certificates From 45a0d23bd10c2ca52db04fc55aaffb616bdabeee Mon Sep 17 00:00:00 2001 From: Phil Young Date: Thu, 14 Mar 2024 17:06:40 +0000 Subject: [PATCH 2/7] Add PFX generation instructions This should help customers who want to use the PFX/PKCS12 format --- source/domains/ssl/generating_pfx_files.md | 61 ++++++++++++++++++++++ source/domains/ssl/index.rst | 1 + 2 files changed, 62 insertions(+) create mode 100644 source/domains/ssl/generating_pfx_files.md diff --git a/source/domains/ssl/generating_pfx_files.md b/source/domains/ssl/generating_pfx_files.md new file mode 100644 index 000000000..029ae5503 --- /dev/null +++ b/source/domains/ssl/generating_pfx_files.md 
@@ -0,0 +1,61 @@ +# How to Generate a PFX File + +```eval_rst + .. title:: SSL | Generating a PFX file + .. meta:: + :title: SSL | Generating a PFX file | ANS Documentation + :description: Generating a PFX file +``` +This guide will help you generate a PFX (also known as PKCS#12) file on different operating systems. + +## Generate a PFX file on Linux + +First, check if OpenSSL is installed: + +```shell +openssl version +``` + +If OpenSSL is not installed, you will see an error message. In that case, install OpenSSL: + +#### Ubuntu + +```shell +sudo apt install openssl +``` + +#### RHEL/AlmaLinux + +```shell +sudo yum install openssl +``` + +Now you can generate the PFX file. + +Suppose you have a private key file (`privateKey.key`), a certificate file (`certificate.crt`), an intermediate certificate file (`intermediate.crt`) and a root certificate file (`root.crt`). +Open a terminal and run the following command: + +```shell +openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile intermediate.crt -certfile root.crt +``` + +You’ll be prompted to set an export password to protect the PFX file. Remember this password; you’ll need it later. + +## Generate a CSR on Windows + +Check if OpenSSL is Installed by opening a Windows Command Prompt and entering: + +```powershell +openssl version +``` + +If OpenSSL is not installed, you will see an error message. In that case, install OpenSSL following the official instructions located at https://github.com/openssl/openssl/blob/master/README.md. + +Suppose you have a private key file (`privateKey.key`), a certificate file (`certificate.crt`), an intermediate certificate file (`intermediate.crt`) and a root certificate file (`root.crt`). +Open a terminal and run the following command: + +```powershell +openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile intermediate.crt -certfile root.crt +``` + +You’ll be prompted to set an export password. 
Remember this password for future use. diff --git a/source/domains/ssl/index.rst b/source/domains/ssl/index.rst index d8fc17e42..2ac89e8c2 100644 --- a/source/domains/ssl/index.rst +++ b/source/domains/ssl/index.rst @@ -12,4 +12,5 @@ SSL Certificates Self Signed Certificates Using Server Name Indication (SNI) Extended Validation Certificates + Generating a PFX file letsencrypt/index From f6b27b1c7bfb559e82047c9bd6f43361e94a7075 Mon Sep 17 00:00:00 2001 From: Phil Young Date: Thu, 14 Mar 2024 17:07:14 +0000 Subject: [PATCH 3/7] Correct the company name This is now the company name --- source/domains/ssl/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/domains/ssl/index.rst b/source/domains/ssl/index.rst index 2ac89e8c2..36b8df4a0 100644 --- a/source/domains/ssl/index.rst +++ b/source/domains/ssl/index.rst @@ -8,7 +8,7 @@ SSL Certificates Purchasing and Renewing Generating A CSR (Certificate Sigining Request) Validating your Certificate - UKFast SSL Types + ANS SSL Types Self Signed Certificates Using Server Name Indication (SNI) Extended Validation Certificates From 9a69c59dbe828922b2b048e348c9e35c2387b0b4 Mon Sep 17 00:00:00 2001 From: Phil Young Date: Thu, 14 Mar 2024 17:11:44 +0000 Subject: [PATCH 4/7] Remove Microsoft Encoding ASCII please --- source/domains/ssl/generating_pfx_files.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/domains/ssl/generating_pfx_files.md b/source/domains/ssl/generating_pfx_files.md index 029ae5503..9cbbb86a7 100644 --- a/source/domains/ssl/generating_pfx_files.md +++ b/source/domains/ssl/generating_pfx_files.md 
@@ -39,7 +39,7 @@ Open a terminal and run the following command: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile intermediate.crt -certfile root.crt ``` -You’ll be prompted to set an export password to protect the PFX file. Remember this password; you’ll need it later. +You'll be prompted to set an export password to protect the PFX file. Remember this password; you'll need it later. ## Generate a CSR on Windows @@ -58,4 +58,4 @@ Open a terminal and run the following command: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile intermediate.crt -certfile root.crt ``` -You’ll be prompted to set an export password. Remember this password for future use. +You'll be prompted to set an export password. Remember this password for future use. From f2d98791f905888a64ff9006aaae5b9c19e591b0 Mon Sep 17 00:00:00 2001 From: Phil Young Date: Thu, 14 Mar 2024 17:17:56 +0000 Subject: [PATCH 5/7] Correct a typo Thanks for this CI --- source/domains/ssl/generating_csrs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/domains/ssl/generating_csrs.md b/source/domains/ssl/generating_csrs.md index 5e1934197..8dac31745 100644 --- a/source/domains/ssl/generating_csrs.md +++ b/source/domains/ssl/generating_csrs.md @@ -12,7 +12,7 @@ This guide will help you generate a Certificate Signing Request (CSR) on differe On SSL certificates that protect a single hostname/domain, your primary hostname is the hostname/domain you have chosen. -For multidoman SSL certificates, the primary hostname is the first hostname that +For multi-domain SSL certificates, the primary hostname is the first hostname that is listed on your SSL certificate inside [ANS Glass](https://portal.ans.co.uk/ssl/index.php). You should also ensure to make sure your key and CSR are in a safe folder, as you'll need the the key From 05c377592cb9efbeb3c64737eedbc6a43191c216 Mon Sep 17 00:00:00 2001 
From: Phil Young Date: Thu, 14 Mar 2024 17:25:17 +0000 Subject: [PATCH 6/7] Add SSL terms to the wordlist This will clear a load of spelling "errors" --- .wordlist.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.wordlist.txt b/.wordlist.txt index 56f3a1d41..361f184c4 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -94,6 +94,7 @@ cryptographic cryptographically CryptoLocker CSF +CSR CSV CTM CTO @@ -368,6 +369,7 @@ Perl personalisation PetalBot PFS +PFX pfSense PhaaS PHaaS From e06656c1321b6a4b1e1153b11b71502fd9d5c307 Mon Sep 17 00:00:00 2001 From: Phil Young Date: Thu, 14 Mar 2024 17:30:19 +0000 Subject: [PATCH 7/7] Fix more spelling One was an error, one needed adding to the wordlist --- .wordlist.txt | 1 + source/domains/ssl/generating_csrs.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.wordlist.txt b/.wordlist.txt index 361f184c4..c38048f72 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -376,6 +376,7 @@ PHaaS PHP PHPMyAdmin PID +PKCS plc Plesk Polkit diff --git a/source/domains/ssl/generating_csrs.md b/source/domains/ssl/generating_csrs.md index 8dac31745..b741294d6 100644 --- a/source/domains/ssl/generating_csrs.md +++ b/source/domains/ssl/generating_csrs.md @@ -54,5 +54,5 @@ openssl req -new -newkey rsa:2048 -nodes -keyout /path/to/yourhostname.key -out 1. Double-click the `Server Certificates` icon. 1. Click the `Create Certificate Request` link in the Actions pane. 1. Fill out the `Distinguished Name Properties` form with the required information (`Common Name` (primary hostname), `Organization`, `City/locality`, `State/province`, `Country/region`). -1. Set the `Cryptographic Service Provider Properties` (Microsoft RSA SChannel Cryptographic Provider and a bit length of 2048). +1. Set the `Cryptographic Service Provider Properties` (Microsoft RSA Schannel Cryptographic Provider and a bit length of 2048). 1. Create a file name for your CSR and click the Finish button.
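
Review bot: In [PATCH 1/7], source/domains/ssl/generating_csrs.md, the Linux command `openssl req -new -newkey rsa:2048 -nodes -keyout /path/to/yourhostname.key ...` writes the private key to disk unencrypted because of `-nodes`, and the only handling guidance in the page is to keep it "in a safe folder". Suggest adding a sentence after the command telling the reader to restrict the key file to its owner (for example `chmod 600 /path/to/yourhostname.key`) and stating that only the `.csr` is submitted when ordering the certificate, while the `.key` stays on the server. Separately, the `#### Ubuntu` and `#### RHEL/AlmaLinux` headings jump from `##` straight to `####`; `###` would keep the outline consistent.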
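
Review bot: In [PATCH 1/7], source/domains/ssl/index.rst, the new toctree entry `Generating A CSR (Certificate Sigining Request)` misspells "Signing", and it is still unchanged in the context lines of [PATCH 3/7]. Suggest `Generating a CSR (Certificate Signing Request)`, which also matches the capitalisation of the `Generating a PFX file` entry added in [PATCH 2/7].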
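
Review bot: In [PATCH 2/7], source/domains/ssl/generating_pfx_files.md, both export commands pass `-certfile intermediate.crt -certfile root.crt`, but `openssl pkcs12` keeps a single `-certfile` value, so the second occurrence replaces the first and `intermediate.crt` is left out of the PFX. Suggest telling the reader to concatenate the intermediate and root certificates into one chain file and pass that once with `-certfile`, then confirm the contents with `openssl pkcs12 -in certificate.pfx -nokeys -info`. In the same hunk, the heading `## Generate a CSR on Windows` should read `## Generate a PFX file on Windows` (it is still wrong in the [PATCH 4/7] context), and the Windows blocks are fenced as `powershell` while the text says to open a Windows Command Prompt.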
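
Review bot: In [PATCH 5/7], source/domains/ssl/generating_csrs.md, the typo fix stops at `multi-domain` and leaves the context line `You should also ensure to make sure your key and CSR are in a safe folder, as you'll need the the key` untouched, which has a doubled "the" and the redundant "ensure to make sure". Suggest correcting it in this commit, for example "Make sure your key and CSR are stored in a safe folder, as you'll need the key to install the SSL certificate".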
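
Review bot: In [PATCH 6/7], .wordlist.txt, second hunk, `PFX` is inserted between `PFS` and `pfSense`, which breaks the case-insensitive ordering the neighbouring entries follow (`Perl`, `personalisation`, `PetalBot`, `PFS`). If the list is meant to stay sorted, place `PFX` after `pfSense`. The `PKCS` addition in [PATCH 7/7] is for the same new pages, so the two wordlist commits could be squashed into one.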