Using the OpenSSL Utility – Sun Microsystems 5.1.1 User Manual
HTTPS eWay Adapter User’s Guide, Sun Microsystems, Inc.
Chapter 4: Operating SSL

4.4 Using the OpenSSL Utility
The OpenSSL utility is a free implementation of cryptographic, hashing, and public
key algorithms such as 3DES, SHA1, and RSA respectively. This utility has many
options including certificate signing, which keytool does not provide. You can
download OpenSSL from the following Web site:
Follow the build and installation instructions for OpenSSL.
To learn more about SSL and the high-level aspects of cryptography, a good
reference is the book SSL and TLS: Designing and Building Secure Systems (by Eric
Rescorla, published by Addison Wesley Professional; ISBN: 0201615983).
4.4.1 Creating a Sample CA Certificate
The sample given in this section demonstrates the use of the OpenSSL utility to create a
CA. This generated CA is then used to sign a CSR (see
“Signing Certificates With Your
), whether it is generated from keytool or OpenSSL.
For testing purposes a sample CA can be generated. To avoid spending additional
funds to have a commercial CA sign test certificates, a sample is generated and used to
sign the test certificate.
Perform the following operations from the command line:
openssl req -config c:\openssl\bin\openssl.cnf -new -x509 -keyout ca-key.pem.txt -out ca-certificate.pem.txt -days 365
Using properties from c:\openssl\bin\openssl.cnf
Loading 'screen' into random state: done
Generating a 1024 bit RSA private key
.................++++++
.....................++++++
writing new private key to 'ca-key.pem.txt'
Enter PEM pass phrase:
Verifying password: Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be
incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:California
Locality Name (eg, city) []:Monrovia
Organization Name (eg, company) []:SeeBeyond
Organizational Unit Name (eg, section) []:Development
Common Name (eg, your websites domain name) []:development.seebeyond.com
Email Address []:[email protected]
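
The same req -new -x509 operation run without prompts, followed by checks on the files it writes, as an added example that is not part of the original manual. The DN values and output file names come from the transcript above; the minimal config file (a stand-in for openssl.cnf), the explicit 2048-bit key size (the transcript shows the configuration default of 1024 bit), the CA_PASS variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: sample CA without prompts, then checks on the result.
# Config contents, key size, CA_PASS and function names are assumptions.

make_sample_ca() {    # $1 = output directory
    cat > "$1/sample-ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
C  = US
ST = California
L  = Monrovia
O  = SeeBeyond
OU = Development
CN = development.seebeyond.com
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
    # Same req -new -x509 call as the page; pass phrase is read from $CA_PASS
    openssl req -config "$1/sample-ca.cnf" -new -x509 -sha256 \
        -newkey rsa:2048 -passout env:CA_PASS -days 365 \
        -keyout "$1/ca-key.pem.txt" -out "$1/ca-certificate.pem.txt" 2>/dev/null
}

check_sample_ca() {   # $1 = directory; returns 0, or the number of the failed check
    key=$1/ca-key.pem.txt; cert=$1/ca-certificate.pem.txt
    # 1: a self-signed certificate must verify against itself
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 || return 1
    text=$(openssl x509 -in "$cert" -noout -text) || return 1
    # 2: marked as a CA; 3: key size is the one requested
    echo "$text" | grep -q 'CA:TRUE' || return 2
    echo "$text" | grep -q 'Public-Key: (2048 bit)' || return 3
    # 4: private key decrypts with the pass phrase and matches the certificate
    [ "$(openssl pkey -in "$key" -passin env:CA_PASS -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$cert" -noout -pubkey)" ] || return 4
    # 5: key file is stored encrypted on disk
    grep -q 'ENCRYPTED' "$key" || return 5
}

# Demo run with a constructed pass phrase
CA_PASS='constructed-test-passphrase'; export CA_PASS
demo_dir=$(mktemp -d)
if make_sample_ca "$demo_dir" && check_sample_ca "$demo_dir"; then
    echo "sample CA verified in $demo_dir"
else
    echo "sample CA check failed"
fi
```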
You are prompted for information. You must enter a password and remember this
password for signing certificates with the CA’s private key. This command creates a