The READIN Family Album
Greetings! (July 15, 2007)

READIN

Jeremy's journal

All I wanna do is fall in love, while there's still time.

Robyn Hitchcock


(This is a page from my archives)
Front page
More recent posts
Older posts

Archives index
Subscribe to RSS

This page renders best in Firefox (or Safari, or Chrome)

🦋 OpenSsl Certificate Authority

I've been working on learning OpenSsl, and pursuant to that I needed to figure out how to implement a Certificate Authority. I messed around some withCA.pl, which is included in the OpenSsl distribution; but there is some kind of compatibilityissue with OpenSsl on my school machines. So here is my solution complete with hacks:

  • openssl genrsa -out cakey.pem 2048
    openssl req -new -x509 -key cakey.pem -out cacert.pem -days 1095


    This creates a private key and certificate for the Certificate Authority
  • perl CA.pl -newca


    I'm just using the functionality in CA.pl for creating a demoCA directorytree. When prompted, specify that you want to use the cacert.pem you created in the previous step.
  • cp cakey.pem demoCA/private/cakey.pem
    echo 1000 > demoCA/serial


    These are two hacks -- CA.pl did not copy my cakey.pem into its proper location,and did not create a serial number file in demoCA. The "1000" could be any number.
  • openssl genrsa -out cli.pem 2048
    openssl req -new -key cli.pem -out cli.csr
    openssl ca -in cli.csr -out clicert.pem


    To create a new signed certificate, follow these three steps: first create a privatekey, then create a certificate request, then sign the certificate request.

posted evening of Tuesday, July 18th, 2006

Respond:

Name:
E-mail:
(will not be displayed)
Link:
Remember info

Drop me a line! or, sign my Guestbook.
    •
Check out Ellen's writing at Patch.com.

Where to go from here...

Friends and Family
Programming
Texts
Music
Woodworking
Comix
Blogs
South Orange
readinsinglepost