SSL HELPER SCRIPTS
------------------

Before you start...
-------------------

Before running any of these scripts you must edit config to reflect the
location of files on your system.  You must have OpenSSL installed, as well
as an SSL-enabled version of Apache built with mod_ssl by Ralf S.
Engelschall.


Using the SSL Helper Scripts
----------------------------

Run all scripts from within the ssl_helper base directory.

To create a key pair for production use, run the following:

./make_private_key
./make_csr

Be sure to remember your pass phrase for your server key!  Save a copy of
the file server.key in a SAFE place (leave a copy here as well) and submit
your Certificate Signing Request - server.csr - to the Certifying Authority
of your choice.  When you receive the signed certificate from your CA, put a
copy in a safe place, copy it to this directory as server.crt and run

./install_cert

This will do the Right Things with both your server private key and signed
certificate and will stop and restart the apache-ssl daemon.  You'll be
asked to provide the pass phrase for your server key when you restart the
server.

Alternatively, and FOR TESTING PURPOSES ONLY, you may sign your own
certificate.  You'll first need to generate a self-signed CA key and
certificate pair if you haven't already done so.  Run the commands

./make_ca_private_key
./make_ca_cert

Remember your CA key passphrase!  This need not be the same as your server
key passphrase. 

Sign your Certificate Signing Request using the command

./sign.sh server.csr

As with an "officially" signed certificate, run ./install_cert to install
your key and (self-signed) certificate pair.
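
Before running ./install_cert it is worth confirming that server.crt really
belongs to server.key and server.csr.  The following is an added example, not
one of the ssl_helper scripts; the function names and the optional CA
certificate argument are assumptions, and the file names are those used above.

```shell
#!/bin/sh
# Added example, not one of the ssl_helper scripts. Function names are hypothetical.
# Confirms that key, CSR and certificate all carry the same public key.

# Print the SHA-256 of the PEM public key in a file. $1 = key|csr|crt, $2 = path.
pubkey_digest() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout) ;;   # prompts for the pass phrase
        csr) pem=$(openssl req -in "$2" -noout -pubkey) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)   return 2 ;;
    esac || return 1
    # Refuse empty output so three unreadable files can never "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 = consistent, 1 = mismatch or failed CA check, 2 = unreadable file.
# $4 (optional) is a CA certificate; its file name is not given in this README.
check_server_files() {
    key=${1:-server.key}; csr=${2:-server.csr}; crt=${3:-server.crt}; ca=${4:-}
    k=$(pubkey_digest key "$key") || { echo "cannot read $key" >&2; return 2; }
    r=$(pubkey_digest csr "$csr") || { echo "cannot read $csr" >&2; return 2; }
    c=$(pubkey_digest crt "$crt") || { echo "cannot read $crt" >&2; return 2; }
    [ "$k" = "$r" ] || { echo "MISMATCH: $csr was not made from $key" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "MISMATCH: $crt does not certify $key" >&2; return 1; }
    if [ -n "$ca" ]; then
        openssl verify -CAfile "$ca" "$crt" >/dev/null ||
            { echo "FAILED: $crt does not verify against $ca" >&2; return 1; }
    fi
    echo "OK: $key, $csr and $crt share public key $k"
}

# Run from the ssl_helper base directory once server.crt is in place.
# An optional first argument names the CA certificate to verify against.
if [ -f server.key ] && [ -f server.crt ]; then
    check_server_files server.key server.csr server.crt "${1:-}"
fi
```

A non-zero exit status means the files should not be installed as they stand.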

The programs herein require a clean slate on which to generate server key
and CSR pairs.  When you've finished (or before you begin) you may run

./make_clean

to remove your old server.key, server.csr and server.crt files and
optionally your self-signed CA certificate and key.

The scripts see_* are for viewing the contents of your certificates and keys
as generated by the make_* scripts.  The names should be obvious.

For more information, see

<http://www.modssl.org/docs/2.4/ssl_faq.html#ToC24>

-----------------

Documentation and scripts by Lindsay Haisley of FMP Computer Services, based
on instructions by Ralf S. Engelschall to whom many thanks and kudos are due
for his excellent work on mod_ssl and related components.
