Siemens XT65 User Manual
Page 101
Java User’s Guide
12.1 Secure Data Transfer
112
s
wm_java_usersguide_v12
Page 101 of 123
2008-02-25
Confidential / Released
1. Create CA and generate CA Root Certificate
- We need certificates with sha1 signature. Java Security supports a sha1 signature of the
certificate only.
Add the parameter "-sha1" to the command "Making CA certificate ..." in the section of
file CA.pl (cygwin location \cygwin\usr\ssl\misc”)
- Create a shell (use location \cygwin\usr\ssl\misc)
- Execute commands
- Convert file format from PEM to DER
CA certificate cacert.pem
CA private key file cakey.pem
2. Create server certificate and java keystore
- Execute command
The field “name” of the certificate is the domain name or the IP address of the server.
3. Create certificate request for server certificate
- Execute command
4. Sign certificate request by CA
- Execute command
- Convert file format from PEM to DER
>perl CA.pl –newca
>openssl x509 -in ./demoCA/cacert.pem -inform PEM
-out ./demoCA/cacert.der -outform DER
>openssl pkcs8 -in ./demoCA/private/cakey.pem
-inform PEM -out ./demoCA/private/cakey.der
-outform DER -nocrypt -topk8
>keytool -genkey -alias server
-keypass keypass -keystore customer.ks -storepass keystorepass
-sigalg SHA1withRSA -keyalg RSA
>keytool -certreq -alias server -file server.csr
-keypass keypass -keystore customer.ks
-storepass keystorepass
>openssl ca -in server.csr -out server.pem
>openssl x509 -in server.pem -inform PEM
-out server.der -outform DER