Openssl: Difference between revisions

From DWIKI
Line 14: Line 14:


===Network Solutions certificates===
===Network Solutions certificates===
First in chain is the root certificate AddTrustExternalCARoot.crt.
See http://blog.irontechsolutions.com/2008/12/10/ssl-chained-certificates-explained/
 
First in chain is the root certificate AddTrustExternalCARoot.crt. (optional)
 
The next ones are the intermediates: NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt.
The next ones are the intermediates: NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt.


===Generate a signing request===
===Generate a signing request===

Revision as of 09:38, 3 July 2009

Links

Documentation and HOWTOs

Courier-imap and ssl

Network Solutions certificates

See http://blog.irontechsolutions.com/2008/12/10/ssl-chained-certificates-explained/

First in chain is the root certificate AddTrustExternalCARoot.crt. (optional)

The next ones are the intermediates: NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt.

Generate a signing request

openssl req -nodes -newkey rsa:2048 -keyout my.domain.key -out my.domain.csr

The resulting csr is the signing request, my.domain.key is the private key you save not readable for anyone but root!

Tips&Tricks

Examining certificates

openssl verify cert.pem
openssl x509 -in cacert.pem -noout -text


Creating your own CA and signing with it

(based on http://www.eclectica.ca/howto/ssl-cert-howto.php#rootc)

cd /etc/ssl
mkdir newcerts
(perform secret rituals)