Various notes re ssl certificate installation
$@users:[sys0.syscommon.apache]apache$cert_tool.com
³ 1. View certificate
OPENSSL_ROOT:[CRT]SERVER.CRT;2
³ Certificate: ³
³ Data: ³
³ Version: 3 (0x2) ³
³ Serial Number: 2109558 (0x203076) ³
³ Signature Algorithm: md5WithRSAEncryption ³
³ Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc ³
³>, OU=Certification Services Division, CN=Thawte Server CA/Email=server-ce ³
³>rts@thawte.com ³
³ Validity ³
³ Not Before: Jun 23 21:21:25 2004 GMT ³
³ Not After : Jun 23 21:21:25 2006 GMT ³
³ Subject: C=US, ST=OKLAHOMA, L=SHAWNEE, O=ST. GREGORYS UNIVERSITY, ³
³>OU=POISE Administration, CN=ADMIN.STGREGORYS.EDU/Email=webmaster@admin.stgregorys.edu
³ Subject Public Key Info: ³
³ Public Key Algorithm: rsaEncryption ³
³ RSA Public Key: (1024 bit) ³
³ Modulus (1024 bit): ³
³ 00:b3:5a:9d:ea:e5:43:2c:3f:9a:70:b6:14:c6:6e: ³
³ b9:6d:85:d0:4e:ca:73:e3:b7:59:5a:9a:e3:ae:e1: ³
³ d8:16:4d:81:33:33:c5:09:23:b8:42:08:dc:84:cf: ³
³ 91:a2:89:23:05:be:b3:1d:cc:47:92:1c:55:8a:26: ³
³ 65:cd:23:2f:81:29:52:88:9f:ac:aa:f8:c5:08:18: ³
³ b6:15:09:bb:08:d6:6c:75:85:b5:5e:c0:6e:07:28: ³
³ 39:87:f7:5e:48:9a:01:86:fd:dc:f9:e0:c4:38:bf: ³
³ e8:02:30:75:64:06:e5:f4:b3:b5:1e:d7:65:5f:98: ³
³ c1:b6:5a:cd:83:3d:8a:0b:c5 ³
³ Exponent: 65537 (0x10001) ³
³ X509v3 extensions: ³
³ X509v3 Extended Key Usage: ³
³ TLS Web Server Authentication, TLS Web Client Authenticati ³
³>on ³
³ X509v3 CRL Distribution Points: ³
³ URI:http://crl.thawte.com/ThawteServerCA.crl ³
³ Authority Information Access: ³
³ OCSP - URI:http://ocsp.thawte.com ³
³ X509v3 Basic Constraints: critical
³ CA:FALSE ³
³ Signature Algorithm: md5WithRSAEncryption ³
³ 08:0d:e0:b2:4d:7f:af:19:af:57:2f:9a:1b:61:7a:88:73:67: ³
³ c6:0e:dc:eb:1f:f4:e5:ff:5c:dd:a1:eb:13:77:ca:2c:fe:e8: ³
³ 77:3d:c8:88:7d:34:3a:4b:43:7c:78:d6:8f:bb:c4:81:69:9a: ³
³ f2:3f:2d:11:b2:4a:4a:32:da:55:d8:98:0a:27:fa:ec:92:14: ³
³ d6:7d:95:e7:5c:8e:bc:f0:aa:c5:9e:73:1a:65:92:27:ae:0e: ³
³ e4:83:a9:b0:f7:d0:a6:1d:d4:ac:2a:e6:ec:c0:4b:12:ba:d8: ³
³ 26:21:96:b6:a2:52:4d:a4:f9:c3:ea:58:6d:25:7c:4e:8c:a7: ³
³ 7c:b3
2. View cert request
³ 1. OPENSSL_ROOT:[CSR]SERVER.CSR;3
³ Certificate Request: ³
³ Data: ³
³ Version: 0 (0x0) ³
³ Subject: C=US, ST=OKLAHOMA, L=SHAWNEE, O=ST. GREGORYS UNIVERSITY, ³
³>OU=POISE Administration, CN=ADMIN.STGREGORYS.EDU/Email=webmaster@admin.st ³
³>gregorys.edu ³
³ Subject Public Key Info: ³
³ Public Key Algorithm: rsaEncryption ³
³ RSA Public Key: (1024 bit) ³
³ Modulus (1024 bit): ³
³ 00:b3:5a:9d:ea:e5:43:2c:3f:9a:70:b6:14:c6:6e: ³
³ b9:6d:85:d0:4e:ca:73:e3:b7:59:5a:9a:e3:ae:e1: ³
³ d8:16:4d:81:33:33:c5:09:23:b8:42:08:dc:84:cf:
³ 91:a2:89:23:05:be:b3:1d:cc:47:92:1c:55:8a:26: ³
³ 65:cd:23:2f:81:29:52:88:9f:ac:aa:f8:c5:08:18: ³
³ b6:15:09:bb:08:d6:6c:75:85:b5:5e:c0:6e:07:28: ³
³ 39:87:f7:5e:48:9a:01:86:fd:dc:f9:e0:c4:38:bf: ³
³ e8:02:30:75:64:06:e5:f4:b3:b5:1e:d7:65:5f:98: ³
³ c1:b6:5a:cd:83:3d:8a:0b:c5 ³
³ Exponent: 65537 (0x10001) ³
³ Attributes: ³
³ a0:00 ³
³ Signature Algorithm: md5WithRSAEncryption ³
³ 54:be:aa:ca:9d:78:11:50:8b:ed:fd:c8:90:12:09:fb:21:52: ³
³ 30:0e:ac:b7:fc:bf:95:8e:26:27:42:07:db:f4:67:2c:d6:ff: ³
³ 17:19:72:a4:f1:ab:d0:d9:bd:23:18:fe:6d:23:fd:bc:20:f1:
³ 44:06:de:8b:4d:5c:d8:1d:2f:f5:8f:5f:98:b8:34:72:e6:cf: ³
³ cc:58:1d:65:0a:b0:75:33:02:9c:69:9f:12:15:ba:10:4a:90: ³
³ 23:8a:61:15:e7:22:64:99:e3:10:c8:be:31:51:b5:83:5d:25: ³
³ 82:f0:70:fd:ca:4f:82:b8:3b:07:51:fc:d9:5e:a6:3e:38:d4: ³
³ 14:5b
Create cert request.
SYSMGR>dir APACHE$COMMON:[OPENSSL.CSR]/date
Directory APACHE$COMMON:[OPENSSL.CSR]
SERVER.CSR;4 11-JUL-2006 16:10:24.12
SERVER.CSR;3 10-JUN-2004 15:44:39.61
Renew the certificate online.
You can chat with techs online -- valuable source of info:
Live chat with THAWTE on 07/12/06:
You have been connected to Noah Landsberg.
Noah Landsberg: Hello Floy,
Noah Landsberg: Please may I have your current Domain Name to better assist you?
Floy Parkhill: Hi, Noah. I have generated the cert request, but Floy Parkhill: ...
Floy Parkhill: stgregorys.edu
Noah Landsberg: Please hold a moment.
Noah Landsberg: Thanks for holding\
Noah Landsberg: the certificate order number is: USSTXX4-1X Floy Parkhill: wait, it's probably admin.stgregorys.edu. Our main campus domain name is stgregorys.edu, but I'm running apache server for the admin data system.
Noah Landsberg: It has been renewed too
Noah Landsberg: okay
Noah Landsberg: Please hold a moment.
Floy Parkhill: should I fax or email the request?
Noah Landsberg: no, that is not necessary Noah Landsberg: here is the order number: USSTXX6 Noah Landsberg: do you have the password?
Floy Parkhill: am I supposed to send payment now?
Noah Landsberg: You will be able to pay by either check or credit card Floy Parkhill: no, I do not have the pw. and I admit I'm green -- have only done part of this procedure once before. not sure what to do next.
Noah Landsberg: the information is all on the renewals page Noah Landsberg: The password can only be sent to: jeburdette@stgregorys.edu Noah Landsberg: will you be able to source it from jeburdette@stgregorys.edu?
Floy Parkhill: jeburdette is no longer working here. what should we do?
Noah Landsberg: Please hold while I transfer you to our verification team, they will be able to assist you further (Please be advised that all chat history will be included in the transfer for your convenience) Floy Parkhill: thanks.
Noah Landsberg has left the session.
Please wait while we find an agent from the thawte Customer Support ( US, Canada & Latin America ) department to assist you.
You have been connected to Amber .
Amber : Hello, my name is Amber. Please bear with me while I review the details of your previous chat prior to being transferred.
Floy Parkhill: Hi, Amber.
Amber : Hi, did you have a question about USSTXX4-1X or USSTXX6?
Floy Parkhill: I'm not sure; I was given 2 order #'s. I need info on the one for admin.stgregorys.edu Floy Parkhill: I'm ready to send a cert renewal but I guess I need an order # to accompany it...?
Amber : USSTXX4-1X is for
www.stgregorys.edu Amber : USSTXX6 is for ADMIN.STGREGORYS.EDU Floy Parkhill: that's our main organization domain. I'm running an Apache server under admin.stgregorys.edu Floy Parkhill: ah, ok.Floy Parkhill: usstxx6: do I need to fax you the cert request and make payment at same time?
Amber : You actually need to renew online on our website at:
Customer has been transferred to the
Ȇ㌤Ŗhttps://www.thawte.com/process/retail/renew_ssl department Floy Parkhill: the person with any old password is no longer employed, so I'll try submitting w/o pw.Floy Parkhill: that didn't work. I'm not sure how to proceed.
Amber : do you have access to jeburdette@stgregorys.edu email?
Floy Parkhill: I'm trying to find that out now. Probably our new MIS does, but she's off campus. Should I just wait until I can determine the answer to your question?
Amber : If you do have access to that email you can reset the password on our website and obtain the new password Amber : Once you find out if you have access to the email you can reset the password at:
Customer has been transferred to the
Ȇ㌤Ŗhttps://www.thawte.com/core/process?process=public-retail-lost-cert-password department Floy Parkhill: I'll try that as soon as I can get jeburdette email.Floy Parkhill: thank you. flp
Another live chat with THAWTE on 07/13/06:
You have been connected to Irvin West.
Irvin West: Hello
Floy Parkhill: Hi Irvin. I have been sent a pw for order #USSTXX6 but it didn't work.
Floy Parkhill: I amtrying to renew an existing cert.
Floy Parkhill: for admin.stgregorys.edu Irvin West: Ok, can you forward the e-mail that was sent with the password - irvinw@thawte.com Floy Parkhill: copy it here?
Irvin West: I will have a look at check with technical support Irvin West: Can you forward the e-mail to my address Floy Parkhill: which is?
Irvin West: irvinw@thawte.com
Floy Parkhill: sorry, i didn't see it above. I've emailed it to you.
Irvin West: One moment while I check
Irvin West: Ok, I was able to log into the account ,can you try it again USSTXX6 Le9C4CgM
Can you copy and paste this chat -
https://www.thawte.com/process/retail/renew_sslIrvin West: * /sorry copy and paste the password from this chat Floy Parkhill: ok. I got in. I want to renew for one year, but my purchasing clerk needs to makethe payment. Can we be billed, or must she be the one to execute the renewal online, instead of me, since she's the one with the pen. (and she's in a different city from me at the moment) Irvin West: Ok, you can choose check as payment now, get the new order number and pay later either via CC or check Floy Parkhill: ok. I think I got it done. It says the status is pending. Will you need to receive the check before I can download the cert?
Irvin West: Yes, send the check then we will issue the certificate Irvin West: as soon as the check is received at our Mountain view office we will issue the renewal.
Irvin West: Postal Address: thawte Order Processing
c/o Accounts Receivable
487 East Middlefield Road
Mountain View
CA 94043, United Sates
Floy Parkhill: My purch clerk can make pmt this afternoon with cc. I presume she can go in and change the pmt type this afternoon (I'll give her the credentials for logging in) and accomplish that today. am I right?
Irvin West: Yes thats right
Floy Parkhill: ok. Thanks for you help. flp Irvin West: You're welcome
Another live chat later on same day, 07/13/06:
You have been connected to Irvin West.
Irvin West: Hello
Floy Parkhill: Hi Irvin. We chatted this am. I renewed my crt but can't seem to find the page where I can have my purch clerk log in and pay by cc. The order # I'm using is USSTXX6 for admin.stgregorys.edu.
Floy Parkhill: was there a diff order # allocated tome?
Irvin West: Ok, the new order number is USSTXX6-1X and you will need to go to this link
Irvin West:
https://www.thawte.com/cgi/server/status.exeIrvin West: You will be able to log into the account with the new order number and password there Floy Parkhill: ok. got in. Thanks. We'll pay now. Approx how long will it take before I can download (after pmt received)?
Irvin West: It normally takes 2 days but once you pay, let me know then I will assist the issue sooner....
Floy Parkhill: great. I'll return to chat in a few min, hopefully. If it's okay, I'll stay connected.
Irvin West: ok, no problem or send me an e-mail - irvinw@thawte.com Floy Parkhill: my purch clerk says the pmt went through. Can you confirm?
Irvin West: one second
Irvin West: yes , it has gone through, I will have a Verification rep start the process now Floy Parkhill: thanks! I presume I just need to watch for an email. Right?
Floy Parkhill: I did change the contact email to flparkhill@stgregorys.edu Irvin West: Yes, an e-mail will be sent to the technical contact once the process is complete Floy Parkhill: ok. I'll get the email fromthe tech contact. thanks for your help. signing off. flp Irvin West: ok, thanks