Acquiring or renewing a certificate for an apache-ssl server:
-------------------------------------------------------------

1. Generate rsa key
  ----------------- 

    On the system you want the certificate for:
    # This simply generate some random stuff
    athena% ps > /tmp/foo 
    athena% ps -elf >> /tmp/foo 
    athena% cd /var/ssl/bin 
    athena% ./openssl genrsa -rand /tmp/foo 2048 > /var/ssl/private/https-key.pem


2. Generate request for a certificate
   ---------------------------------

    athena% cd /var/ssl/bin
    athena% ./openssl req -key /var/ssl/private/https-key.pem -new >../certs/req.pem

    When prompted for input, use these answers:
    (or use the default answers for all but YOUR name and challenge pass)
     US 
     Massachusetts
     Cambridge
     Massachusetts Institute of Technology
     YOUR organizational unit at MIT (e.g. Information Services & Technology)
     YOUR name = name of the server (machine.mit.edu)
     email address = 
     challenge passwd (anything you choose) (you should remember in case
                 jis challenges you)

   Find the file /var/ssl/certs/req.pem and send this to mitcert@mit.edu,
   including the BEGIN and END line

   In return, you will receive a certificate (between BEGIN and END). 
   Save it under /var/ssl/certs/<servername>.pem, where <servername> is
   the name of your machine.

Random information
------------------

To look at servername.pem certificate, type

    athena% /var/ssl/bin/openssl x509 -in /var/ssl/certs/servername.pem -text


To look at the key

    athena% /var/ssl/bin/openssl rsa -in /var/ssl/private/https-key.pem -text
    ops-5 certificate expires on Jan. 16 1998