
Signing Certificates With Your Own CA – Sun Microsystems 5.1.1 User Manual


Chapter 4: Operating SSL
Section 4.4: Using the OpenSSL Utility
HTTPS eWay Adapter User’s Guide, page 37
Sun Microsystems, Inc.

private key and the corresponding certificate for the CA. The certificate is valid for 365
days starting from the date and time it was created.

The properties file C:\openssl\bin\openssl.cnf is needed for the req command. The
default config.cnf file is in the OpenSSL package under the apps sub-directory.

Note: To use this file in Windows, you must change the paths to use double backslashes. See “Windows OpenSSL.cnf File Example” on page 38 for a complete Config.cnf file example, which is known to work in a Windows environment.

4.4.2 Signing Certificates With Your Own CA

The example in this section shows how to create a CSR with keytool and generate a
signed certificate for the CSR with the CA created in the previous section. The steps
shown in this section, for generating a KeyStore and a CSR, were already explained
under “Creating a KeyStore in JKS Format” on page 29.

Note: No details are given here for the keytool commands. See “Creating a KeyStore in JKS Format” on page 29 for more information.

To create a CSR with keytool and generate a signed certificate for the CSR

1   keytool -keystore clientkeystore -genkey -alias client

    Enter keystore password: seebeyond
    What is your first and last name?
    [Unknown]: development.seebeyond.com
    What is the name of your organizational unit?
    [Unknown]: Development
    What is the name of your organization?
    [Unknown]: SeeBeyond
    What is the name of your City or Locality?
    [Unknown]: Monrovia
    What is the name of your State or Province?
    [Unknown]: California
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is <CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US> correct?
    [no]: yes
    Enter key password for <client>
    (RETURN if same as keystore password):

2   keytool -keystore clientkeystore -certreq -alias client -keyalg rsa -file client.csr

3   openssl x509 -req -CA ca-certificate.pem.txt -CAkey ca-key.pem.txt -in client.csr -out client.cer -days 365 -CAcreateserial
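The signing step above, followed by the checks worth running on the result, as an added example that is not part of the guide: it confirms that client.cer chains to the CA, fails under an unrelated CA, and carries the public key from the CSR. The CSR is generated with openssl instead of keytool so no JDK is needed; the two demo CA subjects, other-ca.pem, other-key.pem, client-key.pem and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the guide. File names in step 3 follow the page; the
# CA subjects, key sizes and temporary directory are constructed for this demo.

sign_and_verify() {
    work=$(mktemp -d) || return 1
    if (
        cd "$work" || exit 1
        # Throwaway CA standing in for the one created in the previous section.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
            -keyout ca-key.pem.txt -out ca-certificate.pem.txt 2>/dev/null || exit 1
        # Second, unrelated CA used only for the negative check below.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Other CA" \
            -keyout other-key.pem -out other-ca.pem 2>/dev/null || exit 1
        # CSR made with openssl rather than keytool so that no JDK is required.
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/C=US/ST=California/L=Monrovia/O=SeeBeyond/OU=Development/CN=development.seebeyond.com" \
            -keyout client-key.pem -out client.csr 2>/dev/null || exit 1
        # Step 3 as given on the page.
        openssl x509 -req -CA ca-certificate.pem.txt -CAkey ca-key.pem.txt \
            -in client.csr -out client.cer -days 365 -CAcreateserial 2>/dev/null || exit 1

        # Check 1: the certificate chains to our CA.
        openssl verify -CAfile ca-certificate.pem.txt client.cer >/dev/null 2>&1 \
            || { echo "chain check failed"; exit 1; }
        # Check 2: it must not validate under an unrelated CA.
        if openssl verify -CAfile other-ca.pem client.cer >/dev/null 2>&1; then
            echo "validated under wrong CA"; exit 1
        fi
        # Check 3: the certified public key is the one from the CSR.
        [ "$(openssl req -in client.csr -noout -pubkey)" = \
          "$(openssl x509 -in client.cer -noout -pubkey)" ] \
            || { echo "public key mismatch"; exit 1; }
        echo "verified"
    ); then rc=0; else rc=1; fi
    rm -rf "$work"
    return $rc
}

sign_and_verify
```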

The command in step 3 creates a signed certificate for the associated CSR. The option
-CAcreateserial is needed if this is the first time the command is issued. It is used to