Openssl: Difference between revisions
From DWIKI
Revision as of 09:38, 3 July 2009
Links
Documentation and HOWTOs
- OpenSSL Certificate Authority Setup
- ssl cert HOWTO
- OpenSSL Command-Line HOWTO
- 1. Way: SubjectAltName Only
Courier-imap and ssl
- http://linsec.ca/Using_Courier-IMAP_and_SSL
- http://linux.seindal.dk/2005/12/04/making-a-courier-imap-ssl-sertificate/
Network Solutions certificates
See http://blog.irontechsolutions.com/2008/12/10/ssl-chained-certificates-explained/
First in the chain is the root certificate, AddTrustExternalCARoot.crt (optional).
The next ones are the intermediates: NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt.
Generate a signing request
openssl req -nodes -newkey rsa:2048 -keyout my.domain.key -out my.domain.csr
The resulting my.domain.csr is the signing request; my.domain.key is the private key, which you must save so that it is not readable by anyone but root!
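An added example, not part of the original wiki page: the command above wrapped so the key is never created world-readable, followed by checks that the key is private and that the CSR really carries that key's public half. The function names, the `-subj` value and the directory argument are assumptions made so it runs without prompts.

```shell
#!/bin/sh
# Added example; names and the /CN= subject are constructed for illustration.

# make_csr DOMAIN DIR: writes DIR/DOMAIN.key and DIR/DOMAIN.csr
make_csr() {
    (
        # -nodes leaves the key unencrypted on disk, so file permissions are
        # its only protection. Set the umask before the file is created
        # rather than running chmod afterwards, which leaves a readable window.
        umask 077
        openssl req -nodes -newkey rsa:2048 -subj "/CN=$1" \
            -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null
    )
}

# key_is_private FILE: succeeds only if group and other have no access at all
key_is_private() {
    case "$(ls -l "$1" | cut -c1-10)" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# csr_matches_key CSR KEY: succeeds if the CSR's public key belongs to KEY.
# Catches the common mix-up of submitting a CSR made from a different key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Stand-alone use: sh csr.sh my.domain /some/root-only/dir
if [ $# -eq 2 ]; then
    make_csr "$1" "$2" &&
        key_is_private "$2/$1.key" &&
        csr_matches_key "$2/$1.csr" "$2/$1.key" &&
        echo "CSR and key written to $2, key is private and matches the CSR"
fi
```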
Tips&Tricks
Examining certificates
openssl verify cert.pem
openssl x509 -in cacert.pem -noout -text
Creating your own CA and signing with it
(based on http://www.eclectica.ca/howto/ssl-cert-howto.php#rootc)
cd /etc/ssl
mkdir newcerts
(perform secret rituals)