IT Infrastructure RAP/RAC1000 – ADS-TEC RAP/RAC1000 User Manual
Page 164

© ads-tec GmbH • Raiffeisenstr.14 • 70771 Leinfelden-Echterdingen
Note:
This type of authentication is applied to verify that a certificate has been created (and/or
signed) by a certain Certificate Authority. Hence the reliability is based on the trust in the
Certificate Authority, i.e. the trust that this authority has created (and/or signed) the
certificate just for the stated purpose (e.g. for authentication of a specific web page).
CREATING CERTIFICATES WITH OPENSSL
CA certificates, and certificates signed by them, can be created with OpenSSL from the
command prompt. OpenSSL for Windows can be downloaded from:
http://www.openssl.org/related/binaries.html
Instructions for the example are given under:
- http://www.online-tutorials.net/security/openvpn-tutorial/tutorials-t-69-209.html
- http://www.madboa.com/geek/openssl/
Note:
The sample certificates are for demonstration purposes only and must not be used for
real authentication.
The certificates are valid from the time of issue, i.e. the date set on the issuing
computer must be correct.
A certificate infrastructure can also be created by means of the Microsoft Windows
Server 2000/2003 PKI. One point of entry is:
http://www.microsoft.com/pki
Identity information (country, name, etc.) must be given to distinguish the various
certificates from one another. No two certificates may carry exactly the same information;
at least one field must differ (e.g. the common name).
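The steps described above, as an added example that is not part of the original manual: a demo CA and two certificates signed by it are created with OpenSSL, then each is checked against the CA that signed it and against an unrelated CA. The shell wrapper, file names and subject values are constructed for illustration; the `openssl` invocations are the same at a Windows command prompt.

```shell
#!/bin/sh
# Added example: throwaway demo PKI. All names and paths are constructed.
# Private keys are left unencrypted (-nodes) because this is a demonstration only.

make_ca() {            # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/C=DE/O=Demo Org/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {         # $1 = CA prefix, $2 = file prefix, $3 = common name
    # Key and signing request for the end entity, then sign it with the CA key.
    openssl req -newkey rsa:2048 -nodes -subj "/C=DE/O=Demo Org/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 30 -out "$2.crt" 2>/dev/null
}

signed_by() {          # $1 = CA prefix, $2 = cert prefix; status 0 = chains to that CA
    openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1
}

same_subject() {       # status 0 if both certificates carry identical identity data
    [ "$(openssl x509 -in "$1.crt" -noout -subject)" = \
      "$(openssl x509 -in "$2.crt" -noout -subject)" ]
}

# Demo run in a scratch directory.
cd "$(mktemp -d)" || exit 1
make_ca ca "Demo VPN CA"
make_ca otherca "Unrelated CA"
issue_cert ca server "vpn-server"      # common names differ, so the
issue_cert ca client1 "vpn-client1"    # two subjects are distinct

signed_by ca server        && echo "server:  signed by Demo VPN CA"
signed_by ca client1       && echo "client1: signed by Demo VPN CA"
signed_by otherca server   || echo "server:  rejected against Unrelated CA"
same_subject server client1 || echo "server and client1 have distinct subjects"
# Validity starts at the issuing computer's clock time.
openssl x509 -in server.crt -noout -startdate -enddate
```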
Certificate management with OpenSSL from the Windows command line is somewhat
cumbersome, so we recommend using a graphical front-end for smaller-scale
applications. The use of the free software "XCA" for this purpose is explained in the next
chapter.
CREATING CERTIFICATES WITH XCA
Key Management with XCA for OpenVPN
This chapter explains how to create and use CA, server and client certificates by means of
XCA, especially for use with OpenVPN.
Introduction:
XCA is a very useful and versatile tool for certificate management. At first, the
range of options may be confusing if you want to create "just" a few certificates for
OpenVPN. This document is based on XCA version 0.9.0.