After a lot of tryouts we have a certificate that works; we copied all of the steps out of: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_12/cert_gd/gencert.htm

Below are the steps we used from that page. The page is a Cisco page and most likely has nothing to do with what we want to use the certificate for, but it worked! I hope this is useful to someone else.


     Required Certificate Extensions

The following is an example of the required *certs-exts.cnf* extensions file:

[ server_exts ]


extendedKeyUsage = 1.3.6.1.5.5.7.3.1


[ client_exts ]


extendedKeyUsage = 1.3.6.1.5.5.7.3.2

     Creating a CA Directory

To create a CA directory, enter the following commands as a root user:


mkdir ca


cd ca


mkdir certs private reqs


echo '01' > serial


touch index.txt


chmod 0700 private


cd ..


     Creating a Self-signed CA Root Certificate and RSA Key


Use the following command sequence to create a self-signed CA root certificate and RSA key.


openssl req -x509 -newkey rsa:1024 -keyout ./ca/private/root-key.pem -keyform PEM \
    -out ./ca/certs/root-cert.pem -outform PEM -config ./openssl.cnf


Use the following command to display the certificate:


openssl x509 -in ./ca/certs/root-cert.pem -text


     Converting a CA Certificate to PKCS#12


Use the following command sequence to convert a CA certificate to PKCS#12 format. This process is useful for importing a CA certificate to a Windows PC for testing purposes.


cat ./ca/certs/root-cert.pem ./ca/private/root-key.pem > ./ca/private/root-all.pem


openssl pkcs12 -export -in ./ca/private/root-all.pem -out ./ca/certs/root-cert.p12


     Creating a Server Certificate Request and RSA Key


Use the following command sequence to create a server certificate request and RSA key.


openssl req -newkey rsa:1024 -keyout ./ca/private/server-key.pem -keyform PEM \
    -out ./ca/reqs/server-req.pem -outform PEM -config ./openssl.cnf


     Creating a Server Certificate from the Request


Use the following command sequence to create a server certificate from the request and reference the certificate extensions file and required server certificate extension.


openssl x509 -req -days 365 -in ./ca/reqs/server-req.pem -CA ./ca/certs/root-cert.pem -CAkey ./ca/private/root-key.pem -CAserial ./ca/serial -extfile ./ca/cert-exts.cnf \
    -extensions server_exts -out ./ca/certs/server-cert.pem


Use the following command to display the server certificate:


openssl x509 -in ./ca/certs/server-cert.pem -text
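
The steps above as one non-interactive script, with a check of what the extendedKeyUsage extension actually permits. This is an added example, not part of the original post or of the Cisco page. The openssl.cnf contents, the /CN= subject names, -nodes and the rsa:2048 key size are assumptions chosen so it runs unattended in a scratch directory.

```shell
# Assumptions, not from the original post: the minimal openssl.cnf written
# here, the /CN= subjects, -nodes (unencrypted scratch keys) and rsa:2048.

# build_ca DIR: directory layout, extensions file and self-signed root.
build_ca() {
    d=$1
    mkdir -p "$d/ca/certs" "$d/ca/private" "$d/ca/reqs" || return 1
    chmod 0700 "$d/ca/private"
    echo '01' > "$d/ca/serial"
    printf '%s\n' '[ req ]' 'distinguished_name = dn' 'x509_extensions = ca_ext' \
        '[ dn ]' '[ ca_ext ]' 'basicConstraints = critical,CA:TRUE' > "$d/openssl.cnf"
    printf '%s\n' '[ server_exts ]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.1' \
        '[ client_exts ]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.2' > "$d/ca/cert-exts.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=Scratch Root CA' \
        -keyout "$d/ca/private/root-key.pem" -out "$d/ca/certs/root-cert.pem" \
        -config "$d/openssl.cnf" 2>/dev/null
}

# issue_cert DIR NAME SECTION: new key and request, signed by the root using
# the named section of cert-exts.cnf.
issue_cert() {
    d=$1; name=$2; section=$3
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$d/ca/private/$name-key.pem" -out "$d/ca/reqs/$name-req.pem" \
        -config "$d/openssl.cnf" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$d/ca/reqs/$name-req.pem" \
        -CA "$d/ca/certs/root-cert.pem" -CAkey "$d/ca/private/root-key.pem" \
        -CAserial "$d/ca/serial" -extfile "$d/ca/cert-exts.cnf" \
        -extensions "$section" -out "$d/ca/certs/$name-cert.pem" 2>/dev/null
}

# accepted_for DIR NAME PURPOSE: true only if the certificate chains to the
# root and its extendedKeyUsage allows PURPOSE (sslserver or sslclient).
accepted_for() {
    openssl verify -CAfile "$1/ca/certs/root-cert.pem" -purpose "$3" \
        "$1/ca/certs/$2-cert.pem" >/dev/null 2>&1
}

# Demonstration in a throwaway directory.
work=$(mktemp -d)
build_ca "$work" && issue_cert "$work" server server_exts
for purpose in sslserver sslclient; do
    if accepted_for "$work" server "$purpose"; then result=accepted
    else result=rejected; fi
    echo "server-cert.pem as $purpose: $result"
done
rm -rf "$work"
```

A certificate signed with server_exts verifies for sslserver and is rejected for sslclient, so a client certificate needs its own request signed with -extensions client_exts.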

