[Mono-list] XSP ssl

Carlos Solorzano carlos at applianz.com
Tue May 9 12:46:48 EDT 2006


After a lot of tryouts we have a certificate that works. We copied all of 
the steps out of:  
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_12/cert_gd/gencert.htm


Below are the steps we used from that page. The page is a Cisco page and 
most likely has nothing to do with what we want to use the certificate 
for, but it worked! I hope this is useful to someone else.


      Required Certificate Extensions

The following is an example of the required *certs-exts.cnf* extensions 
file:

[ server_exts ]


extendedKeyUsage = 1.3.6.1.5.5.7.3.1


[ client_exts ]


extendedKeyUsage = 1.3.6.1.5.5.7.3.2

      Creating a CA Directory

To create a CA directory, enter the following commands as a root user:


mkdir ca


cd ca


mkdir certs private reqs


echo '01' > serial


touch index.txt


chmod 0700 private


cd ..


      Creating a Self-signed CA Root Certificate and RSA Key


Use the following command sequence to create a self-signed CA root 
certificate and RSA key.


openssl req -x509 -newkey rsa:1024 -keyout ./ca/private/root-key.pem -keyform PEM \
  -out ./ca/certs/root-cert.pem -outform PEM -config ./openssl.cnf


Use the following command to display the certificate:


openssl x509 -in ./ca/certs/root-cert.pem -text


      Converting a CA Certificate to PKCS#12


Use the following command sequence to convert a CA certificate to 
PKCS#12 format. This process is useful for importing a CA certificate to 
a Windows PC for testing purposes.


cat ./ca/certs/root-cert.pem ./ca/private/root-key.pem > ./ca/private/root-all.pem


openssl pkcs12 -export -in ./ca/private/root-all.pem -out ./ca/certs/root-cert.p12


      Creating a Server Certificate Request and RSA Key


Use the following command sequence to create a server certificate 
request and RSA key.


openssl req -newkey rsa:1024 -keyout ./ca/private/server-key.pem -keyform PEM \
  -out ./ca/reqs/server-req.pem -outform PEM -config ./openssl.cnf


      Creating a Server Certificate from the Request


Use the following command sequence to create a server certificate from 
the request and reference the certificate extensions file and required 
server certificate extension.


openssl x509 -req -days 365 -in ./ca/reqs/server-req.pem \
  -CA ./ca/certs/root-cert.pem -CAkey ./ca/private/root-key.pem \
  -CAserial ./ca/serial -extfile ./ca/cert-exts.cnf \
  -extensions server_exts -out ./ca/certs/server-cert.pem


Use the following command to display the server certificate:


openssl x509 -in ./ca/certs/server-cert.pem -text
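
To see what the two sections of the extensions file actually enforce, the following added example (not part of the original post or the Cisco page) rebuilds the same ca/ layout in a temporary directory and checks the issued certificate with `openssl verify -purpose`. Assumptions: the openssl.cnf contents, the CN values, `-nodes` and `-subj` (so nothing prompts), and rsa:2048 in place of the post's rsa:1024 are all constructed for the example.

```shell
#!/bin/sh
# Added example: every path, CN and the openssl.cnf contents are constructed.

build_ca() {   # $1 = work dir; lays out ca/ as in the steps above
    mkdir -p "$1/ca/certs" "$1/ca/private" "$1/ca/reqs" || return 1
    chmod 0700 "$1/ca/private"
    echo '01' > "$1/ca/serial"
    cat > "$1/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    cat > "$1/ca/cert-exts.cnf" <<'EOF'
[ server_exts ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
[ client_exts ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Example Test Root" \
        -keyout "$1/ca/private/root-key.pem" -out "$1/ca/certs/root-cert.pem" \
        -config "$1/openssl.cnf" 2>/dev/null
}

issue_cert() { # $1 = work dir, $2 = name, $3 = section in cert-exts.cnf
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
        -keyout "$1/ca/private/$2-key.pem" -out "$1/ca/reqs/$2-req.pem" \
        -config "$1/openssl.cnf" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/ca/reqs/$2-req.pem" \
        -CA "$1/ca/certs/root-cert.pem" -CAkey "$1/ca/private/root-key.pem" \
        -CAserial "$1/ca/serial" -extfile "$1/ca/cert-exts.cnf" \
        -extensions "$3" -out "$1/ca/certs/$2-cert.pem" 2>/dev/null
}

check_purpose() { # $1 = work dir, $2 = name, $3 = sslserver or sslclient
    openssl verify -CAfile "$1/ca/certs/root-cert.pem" -purpose "$3" \
        "$1/ca/certs/$2-cert.pem" >/dev/null 2>&1
}

demo() {       # prints one verdict per purpose for a server_exts certificate
    w=$(mktemp -d) && build_ca "$w" && issue_cert "$w" server server_exts || return 1
    for p in sslserver sslclient; do
        if check_purpose "$w" server "$p"; then echo "$p: accepted"
        else echo "$p: rejected"; fi
    done
    rm -rf "$w"
}
demo
```

A certificate issued with `server_exts` passes the `sslserver` purpose check and fails `sslclient`; one issued with `client_exts` behaves the other way round.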



