On Wednesday 13 August 2003 11:37, you wrote: deci, certificatul in cauza imi trebuie pentru un server Apache :) so...creez un cert pe care-l semnez tot yo deci: #openssl req -config /etc/ssl/openssl.cnf -new -keyout newkey.pem -out newcert.pem
iar el acum imi cere PEM pass phrase, intrebarea e: ce tre sa bag aici? pe PEM pass phrase? PEM-ul root CA-ului se introduce cand se semneaza certificatul... acum avem 2 fisiere unul cu cheia privata, newkey.pem si unul cu certificatul newcert.pem > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wednesday 13 August 2003 11:10, you wrote: > > Am configurat un root CA, am creat un self-signed cert si am > > cacert.pem si cakey.pem in /etc/ssl respectiv /etc/ssl/private/ > > in /etc/ssl/openssl.cnf am setat dir = /etc/ssl > > si totul e ok. > > Cand dau sa creez un nou certificat > > #openssl req -config /etc/ssl/openssl.cnf -new -keyout newreq.pem > > -out newreq.pem -days 365 > > > > imi cere PEM pass phrase...indiferent daca bag PEM pass phrase-ul > > root CA-ului, sau orice altceva, imi creaza noul certificat. E > > normal? > > pasii sunt urmatorii: > > 1. creare certificat nou > openssl genrsa -des3 -out ce_vrei_tu.key 1024 > 2. certificate signing request > openssl req -new -key ce_vrei_tu.key -out ce_vrei_tu.csr -days 365 > 3. semnarea efectiva certificatului > openssl ca -config fisier_de_config.cnf -out ce_vrei_tu.crt -infiles > ce_vrei_tu.csr > 4. verificare certificat > openssl verify -CAfile /unde/este/CA.crt /unde/este/ce_vrei_tu.crt > > > - -- > Cu respect/Best Regards, > Adrian Mazarache > > Public key: http://london.forte.ro/mazasign.asc > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.2 (GNU/Linux) > > iD8DBQE/OfjoEbm/AUY3ZdkRAtb4AJ4ukur4nMnskHbmcvAy20hlVWVrkACff/EF > mSaawitSfQDp6UI6gnBZSr4= > =EZhT > -----END PGP SIGNATURE----- > > --- > Detalii despre listele noastre de mail: http://www.lug.ro/ -- Stefan, a simple Debian user. Linux registered user: #272012 [Linux is Friendly. It's just selective about who his friends are.] --- Detalii despre listele noastre de mail: http://www.lug.ro/
