Obtaining and installing an X.509 certificate

Problem	You want to obtain and install an X.509 certificate for use with the Tarantella Security Pack.
Solution	Use the `tarantella security certrequest` command to generate a Certificate Signing Request (CSR) for the Tarantella host. Then send the CSR to a supported Certificate Authority, which will return a certificate for you to install for use with the Tarantella Security Pack on that host.
Alternatives	If you already have a certificate for another application, such as a web server, you may be able to share that certificate with the Tarantella server.

Case study

Indigo Insurance, based in Massachusetts, USA, wants to obtain an X.509 certificate for a Tarantella server with a freshly installed Tarantella Security Pack.

Solution

On the Tarantella host, use tarantella security certrequest to generate a Certificate Signing Request (CSR):

tarantella security certrequest \
  --country US \
  --state Massachusetts \
  --org "Indigo Insurance"

Send the CSR to a supported Certificate Authority.
Copy the returned certificate to a temporary file (for example, /tmp/cert), then type the following command to install it:
```
tarantella security certuse < /tmp/cert 
```

Next steps

Once you've installed the X.509 certificate (you must also add a Tarantella Security license key to the array), you can enable secure connections with the tarantella security start command.
There are important security considerations regarding X.509 certificates and user prompts.

Related topics
Getting started with the Tarantella Security Pack Improving security between client devices and Tarantella servers Sharing web server and Tarantella server certificates