For Pi3Web as a free server it is recommended to use openssl in order
to generate keys and a certificate signing request (CSR).
For demonstration purposes I created the Pi3CA
(http://pi3web.sourceforge.net/pi3ca/), a small web frontend for
openssl, where you can also upload your CSR for signing
(http://pi3web.sourceforge.net/pi3ca/server-enroll.html).
You can also download an 'off the shelf' Win32 package of openssl
and a few scripts, which can be used for key and CSR generation from
this site.
There's a short README.TXT describing the usage of the scripts and the
default parameters (changes are not required). You can either use the
perl (perl interpreter is required) or the cmd script; they are
functionally identical.
The required steps are:
1. download and unpack the openssl binaries and the scripts into
a common folder CSRTOOL
2. read the README.TXT file and perform optional parameter changes
(e.g. switch off the private key passphrase) in the script
generate_csr.bat (or .pl)
3. go into CSRTOOL, invoke generate_csr.bat (or .pl) and enter the
requested information (press ENTER in order to apply default values,
enter the exact server host name when the 'common name' is requested)
4. take server_cert.req and send it to the CA for signing using the
mechanism provided by the CA (for the Pi3CA open server_cert.req
with an editor or text viewer, select all, copy and paste it to
the Pi3CA CSR enrollment page and press 'enroll', then save the
received certificate file)
5. copy the server_pkey.pem and the server_cert.pem to their location,
as configured with Pi3Web
6. start the server, enter the Private Key Passphrase if requested
(Important: if the server runs as a service, allow interaction with
desktop in the service manager)
--
regards,
Holger
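
The following is an added example, not part of the post above and not the contents of generate_csr.bat or generate_csr.pl: it generates the key and CSR with plain openssl commands, then runs the two checks worth doing around steps 3 to 5 (the CSR carries the intended host name, and the returned certificate matches the private key). It assumes a POSIX shell with openssl on the PATH; the function names, the host name, the RSA 2048 key size and the self-signing step that stands in for the CA are assumptions, while the file names follow the post.

```shell
#!/bin/sh
# Added example; these are NOT the contents of generate_csr.bat / generate_csr.pl.
# File names follow the post; host name, key size and validity are assumptions.

# Steps 2-3: create server_pkey.pem and server_cert.req without prompts.
# -nodes writes the key without a passphrase (the optional change in step 2),
# so umask 077 keeps the key file readable by its owner only.
make_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
          -keyout server_pkey.pem -out server_cert.req 2>/dev/null )
}

# Before step 4: check the CSR's self-signature and print its common name,
# so a mistyped host name is caught before the CA signs it.
csr_common_name() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Stand-in for the CA reply so the example runs offline: self-sign the CSR.
# A real deployment uses the certificate returned by the CA instead.
self_sign_for_demo() {
    openssl x509 -req -in server_cert.req -signkey server_pkey.pem \
        -days 1 -out server_cert.pem >/dev/null 2>&1
}

# Before step 5: the certificate must carry the public key of the private key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run as "sh csr_check.sh demo" for a walk-through in a scratch directory.
if [ "${1:-}" = "demo" ]; then
    cd "$(mktemp -d)" || exit 1
    make_csr "www.example.test" || exit 1     # constructed host name
    echo "CSR common name: $(csr_common_name server_cert.req)"
    self_sign_for_demo || exit 1
    key_matches_cert server_pkey.pem server_cert.pem && echo "key matches cert"
fi
```

If the key is protected by a passphrase, openssl pkey prompts for it during the match check.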