Cryptography Tutorials - Tutorial Addendum - OpenSSL - Breeding Self-Signed Certificates

photoappsios financeappsios ios appcolt
 31 December 18:00   

    



    



    

(Continued from antecedent part...)

    



    

Here is the command to generated a self-signed affidavit based on a RSA key brace file, _rsa_des.key,

    

generated previously:

    

 

    

>openssl req -new -key _rsa_des.key -x509 -out .crt

    

-config openssl.cnf

    

Enter canyon byword for _rsa_des.key:

    

You are about to be asked to access advice that will be incorporated

    

into your affidavit request.

    

What you are about to access is what is alleged a Acclaimed Name or a DN.

    

There are absolutely a few fields but you can leave some blank

    

For some fields there will be a absence value,

    

If you access . , the acreage will be larboard blank.

    

-----

    

Country Name (2 letter code) []:CN

    

State or Arena Name (full name) []:PN

    

Locality Name (eg, city) []:LN

    

Organization Name (eg, company) []:ON

    

Organizational Assemblage Name (eg, section) []:UN

    

Common Name (eg, YOUR name) []: Yang

    

Email Abode []:.

    

>type .crt

    

-----BEGIN CERTIFICATE-----

    

MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

    

MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

    

VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

    

NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

    

TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

    

ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

    

V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

    

gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

    

FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

    

CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

    

BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

    

BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

    

Wm7DCfrPNGVwFWUQOmsPue9rZBgO

    

-----END CERTIFICATE-----

    



    



    

Note that:

    



        

  • My information, as both "issuer" and "subject", is entered from the keyboard.

        



  •     

  • My accessible key that is included in the affidavit is supplied from my RSA key brace file, _rsa_des.key.

        

    See the antecedent affiliate on how to accomplish a RSA key brace file.

        



  •     

  • My clandestine key that is acclimated to assurance the affidavit is aswell supplied from my RSA key brace file, _rsa_des.key.

        

    But the clandestine key itself will not be included in the certificate.

        

    So don t be abashed of forward the self-signed affidavit to others.

        



  •     

  • The affidavit is adored in an encoded architecture alleged PEM.

        



  •     



    



    



    

Viewing Apparatus of Certificates

    



    

Here is how to see the apparatus of a certificate:

    

 

    

>openssl x509 -in .crt -noout -text

    

Certificate:

    

Data:

    

Version: 3 (0x2)

    

Consecutive Number: 0 (0x0)

    

Signature Algorithm: md5WithRSAEncryption

    

Issuer: C=CN, ST=PN, L=LN, O=ON, OU=UN, CN= Yang

    

Validity

    

Not Before: Jul 15 02:19:47 2002 GMT

    

Not Afterwards : Aug 14 02:19:47 2002 GMT

    

Subject: C=CN, ST=PN, L=LN, O=ON, OU=UN, CN= Yang

    

Accountable Accessible Key Info:

    

Accessible Key Algorithm: rsaEncryption

    

RSA Accessible Key: (512 bit)

    

Modulus (512 bit):

    

00:a9:e6:19:c6:ee:88:01:86:d9:72:9e:93:92:db:

    

57:01:7b:02:84:fc:1e:e3:57:5e:2a:7b:2b:25:9e:

    

bd:ba:c5:95:2c:49:59:28:df:a6:67:86:26:8e:ff:

    

36:cc:3a:84:5c:28:af:6f:11:c8:0c:b5:c2:c5:b9:

    

04:d6:0e:5d:d1

    

Exponent: 65537 (0x10001)

    

X509v3 extensions:

    

X509v3 Accountable Key Identifier:

    

55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04

    

X509v3 Ascendancy Key Identifier:

    

keyid:55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04

    

DirName:/C=CN/ST=PN/L=LN/O=ON/OU=UN/CN= Yang

    

serial:00

    

X509v3 Basal Constraints:

    

CA:TRUE

    

Signature Algorithm: md5WithRSAEncryption

    

3f:ba:0c:c1:ae:38:ca:f6:37:16:9c:35:5f:18:79:64:de:27:

    

0d:46:ad:28:57:b4:62:df:6c:ff:f8:74:17:eb:b6:91:7e:06:

    

6e:ec:a5:9d:23:e2:6e:5a:6e:c3:09:fa:cf:34:65:70:15:65:

    

10:3a:6b:0f:b9:ef:6b:64:18:0e

    



    



    

This affidavit tells us that:

    



        

  • The accountable is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN= Yang"

        



  •     

  • The accountable s accessible key is included in it.

        



  •     

  • The issuer is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN= Yang". The issuer is identical

        

    to the subject, because this is a self-signed certificate.

        



  •     

  • The affidavit is accurate for one month.

        



  •     

  • The affidavit is active by the issuer with the signature at the end.

        



  •     



    



    



    

Conclusion

    



    

In this chapter, we accept abstruse how to use the "req" command to accomplish a self-signed certificate,

    

and how to use the "x509" command to appearance the agreeable of a certificate.

    



    



    

 


Tags: certificate, signature, included, subject, command, notes, public, issuer, tutorial, tutorials

 certificate, subject, signed, openssl, public, issuer, x509v3, algorithm, included, command, signature, , des key, public key, rsa des, pair file, rsa key, key pair, signed certificate, file rsa, key pair file, generating self signed, signature algorithm md5withrsaencryption, openssl generating self, notes openssl generating, tutorials tutorial notes, tutorial notes openssl, cryptography tutorials tutorial,

Share Cryptography Tutorials - Tutorial Addendum - OpenSSL - Breeding Self-Signed Certificates:
Digg it!   Google Bookmarks   Del.icio.us   Yahoo! MyWeb   Furl  Binklist   Reddit!   Stumble Upon   Technorati   Windows Live   Bookmark

Text link code :
Hyper link code:

Also see ...

Permalink
Article In : Computers & Technology  -  crypto