Chapter 4 | Section 4.4 |
Operating SSL | Using the OpenSSL Utility |
private key and the corresponding certificate for the CA. The certificate is valid for 365 days starting from the date and time it was created.
The properties file C:\openssl\bin\openssl.cnf is needed for the req command. The default config.cnf file is in the OpenSSL package under the apps
Note: To use this file in Windows, you must change the paths to use double backslashes. See “Windows OpenSSL.cnf File Example” on page 38 for a complete Config.cnf file example, which is known to work in a Windows environment.
4.4.2 Signing Certificates With Your Own CA
The example in this section shows how to create a CSR with keytool and generate a signed certificate for the CSR with the CA created in the previous section. The steps shown in this section, for generating a KeyStore and a CSR, were already explained under “Creating a KeyStore in JKS Format” on page 29.
Note: No details are given here for the keytool commands. See “Creating a KeyStore in JKS Format” on page 29 for more information.
To create a CSR with keytool and generate a signed certificate for the CSR
1
keytool
Enter keystore password: seebeyond
What is your first and last name? [Unknown]: development.seebeyond.com
What is the name of your organizational unit? [Unknown]: Development
What is the name of your organization? [Unknown]: SeeBeyond
What is the name of your City or Locality? [Unknown]: Monrovia
What is the name of your State or Province? [Unknown]: California
What is the
Is <CN=Foo Bar, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US> correct?
[no]: yes
Enter key password for <client> (RETURN if same as keystore password):
2
keytool
3
openssl x509
This is how we create a signed certificate for the associated CSR. The option
HTTPS eWay Adapter User’s Guide | 37 | Sun Microsystems, Inc. |
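The three steps of section 4.4.2, run end to end with a check of the result, as an added example that is not taken from the guide. The alias, password and DN fields come from the transcript above; the file names, the throwaway "Demo CA" standing in for the CA of the previous section, and every keytool/openssl option are assumptions, since the guide's own command lines are not shown on this page.

```shell
#!/bin/sh
# Added example. File names, the throwaway CA and all options are assumptions;
# only the alias, password and DN fields come from the guide's transcript.
set -eu
PASS=seebeyond   # keystore password from the transcript
ALIAS=client     # key alias from the transcript
DN="CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US"

# Constructed stand-in for the CA of the previous section (valid 365 days).
make_demo_ca() {  # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Demo CA/O=SeeBeyond/C=US" \
        -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null
}

# Steps 1 and 2: key pair in a keystore, then a PKCS#10 CSR for that key.
make_csr() {  # $1 = work dir
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -dname "$DN" \
        -keystore "$1/client.keystore" -storepass "$PASS" -keypass "$PASS"
    keytool -certreq -alias "$ALIAS" -file "$1/client.csr" \
        -keystore "$1/client.keystore" -storepass "$PASS"
}

# Step 3: the CA signs the CSR; -CAcreateserial writes the serial file on first use.
sign_csr() {  # $1 = work dir
    openssl x509 -req -in "$1/client.csr" -days 365 \
        -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" -CAcreateserial \
        -out "$1/client-cert.pem" 2>/dev/null
}

# Check before importing: the chain verifies and the certificate carries
# the same public key as the CSR (i.e. the keystore's key, not another one).
check_cert() {  # $1 = work dir
    openssl verify -CAfile "$1/ca-cert.pem" "$1/client-cert.pem" >/dev/null &&
    [ "$(openssl x509 -in "$1/client-cert.pem" -noout -pubkey)" = \
      "$(openssl req -in "$1/client.csr" -noout -pubkey)" ]
}

if [ "${1:-}" = "demo" ]; then   # sh sign-demo.sh demo
    d=$(mktemp -d)
    make_demo_ca "$d"; make_csr "$d"; sign_csr "$d"; check_cert "$d"
    openssl x509 -in "$d/client-cert.pem" -noout -subject -issuer -dates
fi
```

Passing `-storepass` on the command line exposes the password in the process list, so on a shared host omit it and answer the prompt as in the transcript. `openssl x509 -req` does not carry over extensions requested in the CSR, so a subjectAltName has to be supplied with `-extfile` if clients require one.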