1, making CSR files.

The so-called CSR is the certificate security request certificate request file made by the applicant. In the production process, the system will generate two keys, one is the public key, that is, the CSR file, and the other is the private key, which is stored on the server. To make CSR files, applicants can refer to the documents of WEB SERVER, APACHE, etc. And use the OPENssl command line to generate the KEY+CSR2 file. Tomcat, JBoss, Resin, etc. Use KEYTOOL to generate JKS and CSR files, and IIS creates a pending request and a CSR file through the wizard.

2.CA certification

To submit CSR to CA, CA generally has two authentication methods:

1) domain name authentication: generally, it is authenticated by the administrator's mailbox, which is fast, but the certificate issued does not contain the enterprise name;

2) Enterprise certificate authentication: the business license of the enterprise is required.

There are also certificates that need to authenticate the above two methods at the same time, called EV certificates. This certificate can make the address bar of browsers above IE7 green, so the authentication is also the strictest.

3. Certificate installation

After receiving the CA certificate, you can deploy the certificate to the server. Generally, the APACHE file directly copies the KEY+CER into the file, and then modifies the httpD. CONF file. TOMCAT and so on. , you need to import the certificate CER file issued by CA into JKS file, copy it to the server, and then modify the server. XMLIIS needs to handle pending requests and import CER files.