indent |
---|
When you receive an email that contains your Server Certificate, save the Server Certificate to the directory you created in a. above. |
You can change the name of the certificate file to something that is meaningful to you. In this document, the Server Certificate was assumed to be saved as servername.cer. servername.cer is the actual server certificate. Do not loose this certificate. Store the certificate (along with it's private key generated in 1. above) in a safe and secure location. View the Server Certificate to verify that you have the correct certificate. To view the certificate, execute the following command line: openssl x509 -in servername.cer -text Find the line that says: Netscape Cert Type. The line immediately following this line should say: SSL Client, SSL Server, S/MIME, Object Signing. If this is not the case, then you may have the wrong type of certificate. Also verify that the issuer of the certificate is the MIT client certificate authority by finding the following line: Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority Also verify that the certificate is for your machine by finding your server certificate name in the certificate's Subject: line. Finally verify the certificate's activation and expiration dates by looking at the two lines following Validity.\\
\\
You can change the name of the certificate file to something that is meaningful to you. In this document, the Server Certificate was assumed to be saved as {color:blue}servername{color}.cer.\\
\\
{color:blue}servername{color}.cer is the actual server certificate. Do *not* loose this certificate. Store the certificate (along with it's private key generated in 1. above) in a safe and secure location.\\
\\
View the Server Certificate to verify that you have the correct certificate. To view the certificate, execute the following command line:\\
\\
*openssl x509 -in {color:blue}servername{color}.cer -text*\\
\\
Find the line that says: *Netscape Cert Type*. The line immediately following this line should say: *SSL Client, SSL Server, S/MIME, Object Signing*. If this is not the case, then you may have the wrong type of certificate.\\
\\
Also verify that the issuer of the certificate is the MIT client certificate authority by finding the following line:\\
\\
*Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority*\\
\\
Also verify that the certificate is for your machine by finding your server certificate name in the certificate's *Subject:* line.\\
\\
Finally verify the certificate's activation and expiration dates by looking at the two lines following *Validity*.\\
|
|