SSL Certificate Generation
Something I learnt while writing an SSL client (which I got stuck on after some time :( )
I am using OpenSSL shipped with S10.
This may help those who wish to create a CA (self-signed, for test purposes) and sign their own certificates using this CA.
A. Create new CA (Certification Authority)
On Solaris 10, CA.pl is located in /usr/sfw/bin.
Change the perl path in line 1 of CA.pl to /usr/bin/perl.
> CA.pl -newca
> cp ./demoCA/cacert.pem .
> cp ./demoCA/private/cakey.pem .
> openssl x509 -text -in cacert.pem
B. Generate RSA key and second level CA
> openssl genrsa -out ca2key.pem
> openssl req -new -key ca2key.pem -out ca2req.pem
> openssl ca -cert cacert.pem -keyfile cakey.pem \
-out ca2cert.pem -infiles ca2req.pem
> openssl verify -CAfile cacert.pem ca2cert.pem
C. Sign RSA key with second level CA
> openssl req -new -key rsakey.pem -out rsareq.pem
> openssl ca -cert ca2cert.pem -keyfile ca2key.pem \
-out rsacert.pem -infiles rsareq.pem
> openssl verify -CAfile cacert.pem -untrusted ca2cert.pem rsacert.pem
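The same three-tier chain, scripted as an added example (not part of the original post). It keeps the post's file names but swaps CA.pl and `openssl ca` for `openssl x509 -req` with an extension file, so no demoCA directory is needed. It also goes one step beyond the post by building the chain twice, to show that the final verify only passes when the second-level certificate carries basicConstraints CA:TRUE. Subject names, key size and the 30-day validity are assumptions.

```shell
#!/bin/sh
# Added example: root CA -> second-level CA -> leaf, built in a scratch directory.
# Subject names, key size and validity period are constructed for the demo.

# new_req NAME CN: write NAMEkey.pem (RSA key) and NAMEreq.pem (CSR).
new_req() {
    openssl genrsa -out "$1key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1key.pem" -subj "/CN=$2" -out "$1req.pem"
}

# sign NAME [x509 options]: turn NAMEreq.pem into NAMEcert.pem, valid 30 days.
sign() {
    name=$1; shift
    openssl x509 -req -in "${name}req.pem" -out "${name}cert.pem" \
        -days 30 "$@" 2>/dev/null
}

# make_chain DIR CAFLAG: build the chain in DIR and verify the leaf.
# CAFLAG (CA:TRUE or CA:FALSE) is the basicConstraints value placed in the
# second-level certificate. Returns the exit status of "openssl verify".
make_chain() (
    mkdir -p "$1" && cd "$1" || exit 1
    echo "basicConstraints=critical,CA:TRUE" > ca.ext
    echo "basicConstraints=critical,$2" > ca2.ext
    # A. self-signed root
    new_req ca "Test Root CA" &&
    sign ca -signkey cakey.pem -extfile ca.ext &&
    # B. second-level CA signed by the root
    new_req ca2 "Test Second Level CA" &&
    sign ca2 -CA cacert.pem -CAkey cakey.pem -CAcreateserial -extfile ca2.ext &&
    # C. leaf signed by the second-level CA
    new_req rsa "test.example" &&
    sign rsa -CA ca2cert.pem -CAkey ca2key.pem -CAcreateserial &&
    # same check as the last command of step C
    openssl verify -CAfile cacert.pem -untrusted ca2cert.pem rsacert.pem
)

work=$(mktemp -d)
make_chain "$work/good" CA:TRUE  && echo "CA:TRUE second level: chain verifies"
make_chain "$work/bad"  CA:FALSE || echo "CA:FALSE second level: chain rejected"
rm -rf "$work"
```

With `openssl ca`, the extensions written into an issued certificate come from the section named by `x509_extensions` in openssl.cnf, or from the `-extensions` option on the command line, so check ca2cert.pem with `openssl x509 -text` before signing anything with it.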
Posted at 10:14AM Nov 30, 2006 by dakshina in Sun