1,234
edits
Changes
→Obtaining a Certificate
In the real world the process for obtaining a certificate looks like this:
# '''You''': Create a certificate request(often abbreviated as CSR). You don't need to do it on the server that requires the certificate. Typically this is done on a commandline with the openssl command.
# '''You''': Send the certificate request and your payment to a good CA. There are various factors that affect what makes it "good", most commonly people care about how well it's trusted, and how much it costs.
# '''CA''': Receives your request and payment, creates a set of keys, and signs your certificate with their own private key (the certificate is your public key). The CA then sends you the files it generated for you.
In our case each of you will be all three of the above: '''You''', the '''CA''', and the '''clients'''. That will allow us to do all this stuff in one lab.
= Lab completion =