Sun Microsystems 5.1.1 manual Using the OpenSSL Utility, Creating a Sample CA Certificate


Chapter 4 Operating SSL

4.4 Using the OpenSSL Utility

The OpenSSL utility is a free, open-source toolkit that implements symmetric ciphers, hash functions, and public-key algorithms (for example 3DES, SHA-1, and RSA), together with the X.509 certificate tooling built on them. It has many options, including signing certificate requests with your own CA, which keytool does not provide. You can download OpenSSL from the following Web site:

http://www.openssl.org

Follow the build and installation instructions that accompany the OpenSSL distribution.

To learn more about SSL and the higher-level aspects of cryptography, a good reference is the book SSL and TLS: Designing and Building Secure Systems by Eric Rescorla (Addison-Wesley Professional; ISBN 0201615983).

4.4.1 Creating a Sample CA Certificate

The sample in this section demonstrates using the OpenSSL utility to create a CA. The generated CA is then used to sign a CSR (see "Signing Certificates With Your Own CA" on page 37), whether the CSR was generated with keytool or with OpenSSL.

A sample CA is sufficient for testing. Rather than pay a commercial CA to sign test certificates, you generate your own CA and use it to sign them. Keep in mind that such a CA is trusted only by the clients you explicitly configure to trust it, and that its private key must be protected as carefully as any other signing key: anyone who holds it can issue certificates those clients will accept. Use the sample CA only in test environments.

Perform the following operation from the command line. The path to openssl.cnf is that of the Windows installation used in this example; adjust it to match your own installation:

openssl req -config c:\openssl\bin\openssl.cnf -new -x509 -keyout ca-key.pem.txt -out ca-certificate.pem.txt -days 365

The transcript that follows reflects the OpenSSL defaults of the time, a 1024-bit RSA key and a SHA-1 signature, neither of which is acceptable today. Current OpenSSL releases default to 2048-bit keys and SHA-256; to be explicit, add -newkey rsa:4096 -sha256 to the command.

Using properties from c:\openssl\bin\openssl.cnf
Loading 'screen' into random state: done
Generating a 1024 bit RSA private key
.................++++++
.....................++++++
writing new private key to 'ca-key.pem.txt'
Enter PEM pass phrase:
Verifying password: Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:California
Locality Name (eg, city) []:Monrovia
Organization Name (eg, company) []:SeeBeyond
Organizational Unit Name (eg, section) []:Development
Common Name (eg, your websites domain name) []:development.seebeyond.com
Email Address []:development@seebeyond.com

You are prompted for the information shown above. The pass phrase you enter encrypts the CA's private key; remember it, because OpenSSL asks for it every time you sign a certificate with that key. This command creates a
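The same procedure, written as a script that states the CA profile explicitly and checks the result, is shown here as an added example; it is not code from the eWay guide. It assumes the openssl command-line tool (1.1.1 or 3.x) is on PATH; the output directory, file names and pass phrase are hypothetical, and the DN values mirror the transcript above. The extensions are given in a small config file instead of relying on whatever x509_extensions the installed openssl.cnf defines, and the key size and digest are the current recommendations rather than the 1024-bit/SHA-1 defaults in the transcript.

```shell
#!/bin/sh
# Added example (not from the eWay guide): create a self-signed test CA with
# current parameters and verify it. Assumes the openssl CLI is on PATH.
# Output directory, file names and pass phrase are hypothetical.
set -eu

# make_test_ca DIR PASSPHRASE
# Writes DIR/ca-key.pem (pass-phrase encrypted) and DIR/ca-certificate.pem.
make_test_ca() {
    dir="$1"; pass="$2"
    mkdir -p "$dir"
    # Minimal request config carrying the DN (no interactive prompts) and the
    # extensions that make the certificate a CA.
    cat > "$dir/ca-req.cnf" <<'EOF'
[req]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca

[dn]
C            = US
ST           = California
L            = Monrovia
O            = SeeBeyond
OU           = Development
CN           = development.seebeyond.com
emailAddress = development@seebeyond.com

[v3_ca]
basicConstraints     = critical, CA:TRUE, pathlen:0
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # 4096-bit RSA and SHA-256 replace the 1024-bit / SHA-1 defaults of the
    # era. The key is encrypted under the pass phrase, which openssl then
    # requires for every signing operation with this CA.
    openssl req -new -x509 -config "$dir/ca-req.cnf" \
        -newkey rsa:4096 -sha256 -days 365 \
        -keyout "$dir/ca-key.pem" -passout "pass:$pass" \
        -out "$dir/ca-certificate.pem" 2>/dev/null
    chmod 600 "$dir/ca-key.pem"
}

# ca_flag CERT: prints CA:TRUE when the certificate carries the CA constraint.
ca_flag() {
    openssl x509 -in "$1" -noout -text | grep -o 'CA:TRUE' | head -n 1
}

# verify_test_ca DIR PASSPHRASE
# Returns 0 when the certificate is self-consistent and usable as a CA.
verify_test_ca() {
    dir="$1"; pass="$2"
    # A self-signed CA must validate against itself.
    openssl verify -CAfile "$dir/ca-certificate.pem" \
        "$dir/ca-certificate.pem" >/dev/null 2>&1 || return 1
    # The certificate's public key must match the private key; decoding the
    # key also proves the pass phrase unlocks it.
    key_pub=$(openssl pkey -in "$dir/ca-key.pem" -passin "pass:$pass" \
        -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$dir/ca-certificate.pem" -noout -pubkey) \
        || return 1
    [ "$key_pub" = "$cert_pub" ] || return 1
    # Without CA:TRUE, clients reject certificates this CA signs.
    [ "$(ca_flag "$dir/ca-certificate.pem")" = "CA:TRUE" ] || return 1
}

# Usage: sh make-test-ca.sh <output-dir> <pass-phrase>
if [ $# -eq 2 ]; then
    make_test_ca "$1" "$2"
    verify_test_ca "$1" "$2" && echo "test CA written to $1"
fi
```

If you prefer to keep the manual's interactive style, drop the [dn] section and prompt = no from the config and openssl will ask for each DN field as in the transcript; the [v3_ca] extensions are the part worth keeping either way, since a certificate without basicConstraints CA:TRUE is rejected as an issuer by most TLS clients.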

HTTPS eWay Adapter User’s Guide

36

Sun Microsystems, Inc.
