OpenSSL How To Manual

Revision for “OpenSSL How To Manual” created on September 9, 2014 @ 22:21:16

<h3>Security Certificates for OpenFresco</h3>
<ol>
<li><a href="http://www.slproweb.com/products/Win32OpenSSL.html">Download OpenSSL</a> (for Win32)</li>
<li>Install in “C:\Program Files\OpenSSL\” by following the on-screen instructions</li>
</ol>
<h3>Creating Self-Signed Certificates</h3>
<ol>
<li>Run openssl.exe from a command prompt: <span style="color: #ff9900;">C:\Program Files\OpenSSL\bin&gt; openssl</span></li>
<li>Generate a private key for the server:
<ol>
<li>with password: <span style="color: #ff9900;">OpenSSL&gt; genrsa -des3 -out server.key 4096</span></li>
<li>without password: <span style="color: #ff9900;">OpenSSL&gt; genrsa -out server.key 4096</span></li>
</ol>
</li>
<li>Generate a self-signed certificate from the private key: <span style="color: #ff9900;">OpenSSL&gt; req -new -x509 -days 365 -key server.key -out server.crt</span>
<ol>
<li><em>Provide the required information (an example is shown below, but you should use the information for your location, organization, and identification):</em></li>
<li>Country Name: <span style="color: #ff9900;">US</span></li>
<li>State or Province Name: <span style="color: #ff9900;">California</span></li>
<li>Locality Name: <span style="color: #ff9900;">Berkeley</span></li>
<li>Organization Name: <span style="color: #ff9900;">NEES</span></li>
<li>Organizational Unit Name: <span style="color: #ff9900;">UCB</span></li>
<li>Common Name: <span style="color: #ff9900;">OpenFresco</span></li>
<li>Email Address: <span style="color: #ff9900;">...</span></li>
</ol>
</li>
<li>Generate a client CA certificate by making a copy: <span style="color: #ff9900;">&gt; copy server.crt client_ca.crt</span></li>
<li>Repeat the above four steps to generate the following files: <span style="color: #ff9900;">client.key, client.crt, server_ca.crt</span></li>
<li>Place the server files in the folder where the server program will be run and the client files in the folder where the client program will be run.</li>
</ol>
<h3>Creating Certificates using your own CA (Certificate Authority)</h3>
<ol>
<li>Run openssl.exe from a command prompt: <span style="color: #ff9900;">C:\Program Files\OpenSSL\bin&gt; openssl</span></li>
<li>Generate a private key for your own local CA:
<ol>
<li>with password (preferably): <span style="color: #ff9900;">OpenSSL&gt; genrsa -des3 -out ca.key 4096</span></li>
<li>without password: <span style="color: #ff9900;">OpenSSL&gt; genrsa -out ca.key 4096</span></li>
</ol>
</li>
<li>Generate a CA certificate from the private key (copies will be made in step 9): <span style="color: #ff9900;">OpenSSL&gt; req -new -x509 -days 3650 -key ca.key -out ca.crt</span>
<ol>
<li><em>Provide the required information (an example is shown below, but you should use the information for your location, organization, and identification):</em></li>
<li>Country Name: <span style="color: #ff9900;">US</span></li>
<li>State or Province Name: <span style="color: #ff9900;">California</span></li>
<li>Locality Name: <span style="color: #ff9900;">Berkeley</span></li>
<li>Organization Name: <span style="color: #ff9900;">NEES</span></li>
<li>Organizational Unit Name: <span style="color: #ff9900;">UCB</span></li>
<li>Common Name: <span style="color: #ff9900;">OpenFrescoCA</span></li>
<li>Email Address: <span style="color: #ff9900;">...</span></li>
</ol>
</li>
<li>Create a directory called “localCA” with a subdirectory “private” and move ca.key into ..\localCA\private\ and ca.crt into ..\localCA\. This concludes the generation of the local certificate authority. In the next few steps the server and client certificate requests are generated and signed by the CA.</li>
<li>Generate a private key for the server:
<ol>
<li>with password: <span style="color: #ff9900;">OpenSSL&gt; genrsa -des3 -out server.key 4096</span></li>
<li>without password: <span style="color: #ff9900;">OpenSSL&gt; genrsa -out server.key 4096</span></li>
</ol>
</li>
<li>Generate a certificate request from the private key: <span style="color: #ff9900;">OpenSSL&gt; req -new -key server.key -out server.csr</span>
<ol>
<li><em>Provide the required information (an example is shown below, but you should use the information for your location, organization, and identification):</em></li>
<li>Country Name: <span style="color: #ff9900;">US</span></li>
<li>State or Province Name: <span style="color: #ff9900;">California</span></li>
<li>Locality Name: <span style="color: #ff9900;">Berkeley</span></li>
<li>Organization Name: <span style="color: #ff9900;">NEES</span></li>
<li>Organizational Unit Name: <span style="color: #ff9900;">UCB</span></li>
<li>Common Name: <span style="color: #ff9900;">OpenFrescoServer</span></li>
<li>Email Address: <span style="color: #ff9900;">...</span></li>
<li>A challenge password: <span style="color: #ff9900;">*******</span></li>
<li>An optional company name:</li>
</ol>
</li>
<li>Sign the certificate request with the CA: <span style="color: #ff9900;">OpenSSL&gt; x509 -req -days 365 -in server.csr -CA ..\localCA\ca.crt -CAkey ..\localCA\private\ca.key -set_serial 01 -out server.crt</span></li>
<li>Repeat steps 5, 6 &amp; 7 to generate the following files: <span style="color: #ff9900;">client.key, client.csr, client.crt</span></li>
<li>Place the server_ca.crt (a copy of ca.crt), server.key &amp; server.crt files in the folder where the server program will be run and the client_ca.crt (a copy of ca.crt), client.key &amp; client.crt files in the folder where the client program will be run.</li>
</ol>
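<p>The local-CA procedure above, scripted non-interactively for a POSIX shell and followed by the checks worth running before the files are deployed (an added example, not part of the original manual). The subject fields are the manual's sample values; <code>BITS</code>, the function names, the client Common Name, the explicit <code>-sha256</code> digest and the serial 02 for the client certificate are assumptions of this example, and the keys are written without a passphrase so that it can run unattended.</p>

```shell
#!/bin/sh
# Added example: the local-CA steps run non-interactively, then checked.
# Assumed (not from the manual): BITS, function names, client CN, serial 02.
BITS="${BITS:-4096}"
DN="/C=US/ST=California/L=Berkeley/O=NEES/OU=UCB"

# issue NAME CN SERIAL: steps 5-7 for one endpoint (key, CSR, CA-signed cert).
# Each certificate gets its own serial; a CA must never reuse one.
issue() {
    openssl genrsa -out "$1.key" "$BITS" 2>/dev/null &&
    openssl req -new -key "$1.key" -out "$1.csr" -subj "$DN/CN=$2" &&
    openssl x509 -req -sha256 -days 365 -in "$1.csr" \
        -CA localCA/ca.crt -CAkey localCA/private/ca.key \
        -set_serial "$3" -out "$1.crt" 2>/dev/null
}

# build_pki DIR: steps 2-9, in a subshell so the caller's cwd and umask survive.
build_pki() (
    umask 077    # the keys here are unencrypted, so keep them owner-only
    mkdir -p "$1/localCA/private" && cd "$1" &&
    openssl genrsa -out localCA/private/ca.key "$BITS" 2>/dev/null &&
    openssl req -new -x509 -days 3650 -key localCA/private/ca.key \
        -out localCA/ca.crt -subj "$DN/CN=OpenFrescoCA" &&
    issue server OpenFrescoServer 01 &&
    issue client OpenFrescoClient 02 &&
    cp localCA/ca.crt server_ca.crt && cp localCA/ca.crt client_ca.crt
)

# chains_to CAFILE CERT: CERT verifies with CAFILE as the only trust anchor.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches CERT KEY: the certificate's RSA modulus equals the key's modulus.
key_matches() {
    m=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) && [ -n "$m" ] &&
    [ "$m" = "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}

# serial_of CERT: prints "serial=<hex>".
serial_of() { openssl x509 -noout -serial -in "$1"; }

# Run as: sh make_pki.sh OUTDIR
if [ $# -gt 0 ]; then
    build_pki "$1" && cd "$1" &&
    chains_to server_ca.crt server.crt && key_matches server.crt server.key &&
    chains_to client_ca.crt client.crt && key_matches client.crt client.key &&
    echo "PKI in $1 verified"
fi
```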
September 9, 2014 @ 22:21:16 Andreas Schellenberg