Hi There:

If you're looking for a cookbook, and want a fairly comprehensive explanation 
of how all of the moving parts work:

http://www.carillon.ca/library/openssl_testca_howto_1.2.pdf

Have fun.

Patrick.



On August 19, 2009 07:18:39 am deblarinteln wrote:
> Hi Goetz, *,
>
> > There is the man page x509v3_config.
> > It should contain the info you need.
> > A hint: x509v3_config describes data found in the openssl.cnf file.
> > So this data is used on creating a certificate / CSR...
>
> Well, I have created a certificate with all necessary data. At least I
> think I've done it right. And yes, as you said, crypto isn't a thing to
> deal with if you haven't got at least a minor understanding of what one is
> doing. Well, I think that I do have at least a minor understanding, but on
> the other hand I'm not that far, that I know how to deal with some sorts of
> jobs I need to do. Just like the one I'm still working on. A
> certificate for some subdomains and the main domain. All domains should have
> the same certificate.
>
> C:\ssl>dir
>  Datenträger in Laufwerk C: ist System
>  Volumeseriennummer: F8B1-B3F8
>
>  Verzeichnis von C:\ssl
>
> 19.08.2009  12:47    <DIR>          .
> 19.08.2009  12:47    <DIR>          ..
> 19.08.2009  10:01             1.024 .rnd
> 19.08.2009  10:02             1.407 cacert.pem
> 19.08.2009  10:02               963 cakey.pem
> 19.08.2009  12:55             2.013 cert.p12
> 21.07.2009  09:32    <DIR>          certs
> 21.07.2009  09:32                 0 database.txt
> 19.08.2009  10:06               963 key.pem
> 21.07.2009  09:32    <DIR>          keys
> 19.08.2009  10:09               822 req.pem
> 21.07.2009  09:32    <DIR>          requests
> 21.07.2009  09:32                 0 serial.txt
>                8 Datei(en),          7.192 Bytes
>                5 Verzeichnis(se), 493.483.315.200 Bytes frei
>
> C:\ssl>openssl x509 -text -in cacert.pem
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             ab:49:2d:9c:cd:b2:e2:b5
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=DE, ST=Niedersachsen, L=somewhre, O=xxxxx GmbH, OU=Administration, CN=somename/emailaddress=some...@mydomain.tld
>         Validity
>             Not Before: Aug 19 08:02:58 2009 GMT
>             Not After : Aug 18 08:02:58 2012 GMT
>         Subject: C=DE, ST=Niedersachsen, L=somewhere, O=xxxxx GmbH, OU=Administration, CN=somename/emailaddress=i...@mydomain.tld
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 A8:75:05:9B:F0:02:C7:F5:0E:99:34:97:3D:25:E0:01:9E:29:AA:10
>             X509v3 Authority Key Identifier:
>                 keyid:A8:75:05:9B:F0:02:C7:F5:0E:99:34:97:3D:25:E0:01:9E:29:AA:10
>                 DirName:/C=DE/ST=Niedersachsen/L=Rinteln/O=xxxxx GmbH/OU=Administration/CN=somename/emailaddress=i...@mydomain.tld
>                 serial:AB:49:2D:9C:CD:B2:E2:B5
>
>             X509v3 Basic Constraints:
>                 CA:TRUE
>     Signature Algorithm: sha1WithRSAEncryption
>
> > I think .cer is just DER encoded data.
> > The OpenSSL subcommand x509 has an option to save a certificate
> > in DER format.
> >
> >
> > I admit I'm somewhat vague.
> > This is on purpose, because in the range of
> > shooting-yourself-in-the-foot OpenSSL and cryptography
> > is a very big cannon.
> > It is essential to have at least some basic understanding about what you
> > do.
> > Giving you a cookbook will not give you this understanding.
>
> Well, I know exactly what you're saying and under "normal" circumstances I
> would agree with your cookbook statement, but sometimes you're facing
> challenges and for some reason you've been standing on the hose for a
> while and haven't got a clue why - and that's where I'm at.
>
> Maybe you or someone else on the list might be so kind to help me out, so
> that I'll get the thing done.
>
> Thanks a lot to all who might help me!
> Greetings
> NielsJ
>
> - --
> DMCA: The greed of the few outweighs the freedom of the many
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org


-- 
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
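
Added example, not part of the original thread or of the linked HOWTO: one way to issue a single certificate that covers a main domain and several subdomains, using the `subjectAltName` syntax documented in x509v3_config, and to save it as DER (`.cer`). The host names, the `san.cnf` file name and the throwaway CA are constructed for illustration; the other file names follow the directory listing in the quoted message.

```shell
#!/bin/sh
# Constructed sample: example.test names and a throwaway test CA.

write_cfg() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = example.test
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.test
DNS.2 = www.example.test
DNS.3 = mail.example.test
EOF
}

make_san_cert() {
    dir=$1; cfg=$dir/san.cnf
    write_cfg "$cfg" &&
    # Throwaway CA (cakey.pem / cacert.pem).
    openssl req -x509 -newkey rsa:2048 -nodes -config "$cfg" -extensions v3_ca \
        -subj "/CN=Constructed Test CA" -days 30 \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null &&
    # Key and CSR; the CSR carries the SAN list as a requested extension.
    openssl req -new -newkey rsa:2048 -nodes -config "$cfg" -reqexts v3_req \
        -keyout "$dir/key.pem" -out "$dir/req.pem" 2>/dev/null &&
    # Pitfall: "x509 -req" does not copy CSR extensions by default, so this
    # certificate has no SAN even though the request asked for one.
    openssl x509 -req -in "$dir/req.pem" -CA "$dir/cacert.pem" \
        -CAkey "$dir/cakey.pem" -CAcreateserial -days 30 \
        -out "$dir/cert_noext.pem" 2>/dev/null &&
    # Correct: name the extension section explicitly when signing.
    openssl x509 -req -in "$dir/req.pem" -CA "$dir/cacert.pem" \
        -CAkey "$dir/cakey.pem" -CAcreateserial -days 30 \
        -extfile "$cfg" -extensions v3_req -out "$dir/cert.pem" 2>/dev/null &&
    # PEM -> DER, the encoding usually behind a .cer file.
    openssl x509 -in "$dir/cert.pem" -outform DER -out "$dir/cert.cer"
}

# Print the SAN line of a PEM certificate (empty if the extension is absent).
san_list() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}
```

Call `make_san_cert` with an empty working directory, then compare `san_list` on `cert.pem` and `cert_noext.pem` to see the effect of `-extfile`.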