Appendix E: Creating CA Files
ii)Strip passphrase:
openssl rsa -in cakey.pem -out cakey-nopassword.pem
iii)Combine the key and X.509 certificate files into server.pem: cat
iv)Collect all 3 PEM files and prepare to upload to IPCS server: server.pem , cacert.pem , cakey.pem
2.Signed by trustworthy CA:
i)Prepare private key cakey.pem:
openssl genrsa –des3 –out cakey.pem 1024
meaning of parameters:
genrsa : generate RSA private key
des3 : encrypt certificate by DES3
1024 : the key size is
ii)Prepare a Certificate Signing Request:
openssl req –new –key cakey.pem –out server.csr
openSSL toolkit will prompt the user with a message to guide the user to fill out a registration form. Once it is complete, users can submit the CSR file to www.verisign.com for testing or refer to http://www.hitrust.com.tw/hitrustexe/frontend/default_tw.asp (located in Taiwan) to apply for a signed certificate. Get the certificate and name the file as “cacert.pem”.
iii) Strip passphrase:
openssl rsa
iv)Combine the key and X.509 certificate files into server.pem: cat
v)Collect all 3 PEM files for upload:
server.pem , cacert.pem , cakey.pem
59