This is what I did, hope it helps. 

You can create a directory and work under this directory. 

1. Create a self signed CA

openssl genrsa -des3 -out ca.key 1024
(generate CA key)
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
(create self-signed certificate)

2. To sign a certificate, use the sign.sh that comes with openssl.

3. Create Server certificate

openssl genrsa -des3 -out server.key 1024
(generate server key)
openssl req -new -key server.key -out server.csr
(generate request)

4. Sign the server certificate

sign.sh server.csr

5. Create client certificate

openssl genrsa -des3 -out my.key
(generate client key)
openssl req -new -key my.key -out my.csr
(generate request)
sign.sh my.csr
(sign request)

openssl pkcs12 -export -inkey my.key -in my.crt -out my.p12 -name "Test" -certfile ca.crt
(create PKCS#12; you can import it into IE, Netscape)
        


James Xie
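
Added example (not part of James Xie's message and not shipped with OpenSSL): steps 1-5 above run without prompts, followed by a check that each certificate chains to the CA and is limited to its intended use. Assumptions not taken from the post: 2048-bit RSA keys, SHA-256, unencrypted demo keys, constructed names under example.test, `openssl x509 -req` used in place of sign.sh, and the PKCS#12 password "changeit".

```shell
#!/bin/sh
# Added example: steps 1-5 of the post, run without prompts.
# Assumptions (not from the post): 2048-bit RSA, SHA-256, unencrypted demo keys,
# constructed names under example.test, `openssl x509 -req` in place of sign.sh,
# and the PKCS#12 password "changeit".

# issue NAME SUBJECT EXTENSION... : new key -> CSR -> certificate signed by ca.key
issue() {
    name=$1 subj=$2; shift 2
    printf '%s\n' "$@" > "$name.ext" &&
    openssl genrsa -out "$name.key" 2048 &&
    openssl req -new -sha256 -key "$name.key" -subj "$subj" -out "$name.csr" &&
    openssl x509 -req -sha256 -days 365 -in "$name.csr" -extfile "$name.ext" \
        -CA ca.crt -CAkey ca.key -CAcreateserial -out "$name.crt"
}

# build_pki DIR : runs in a subshell so the caller's working directory is untouched
build_pki() (
    umask 077 && mkdir -p "$1" && cd "$1" &&
    # Step 1: CA key and self-signed CA certificate
    openssl genrsa -out ca.key 2048 &&
    openssl req -new -x509 -sha256 -days 365 -key ca.key \
        -subj "/CN=Demo Test CA" -out ca.crt &&
    # Steps 3-4: server certificate, limited to TLS server use
    issue server "/CN=www.example.test" \
        "subjectAltName=DNS:www.example.test" "extendedKeyUsage=serverAuth" &&
    # Step 5: client certificate, limited to TLS client use, then the PKCS#12 bundle
    issue my "/CN=Test User" "extendedKeyUsage=clientAuth" &&
    openssl pkcs12 -export -inkey my.key -in my.crt -certfile ca.crt \
        -name "Test" -passout pass:changeit -out my.p12
)

# chain_ok DIR CERT PURPOSE : succeeds only if CERT chains to DIR/ca.crt and
# its extensions allow PURPOSE (sslserver or sslclient)
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2" >/dev/null 2>&1
}
```

After `build_pki ./pki`, `chain_ok ./pki server.crt sslclient` returns non-zero: the server certificate's extendedKeyUsage does not permit client authentication, so it cannot be reused as a client credential.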


-----Original Message-----
From: Sean Gillings [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 20, 2000 7:03 AM
To: "[EMAIL PROTECTED]"@opensource.ee.ethz.ch
Subject: Urgent Query: Self Signed Certificate (creation)


Dear Sir/Madam,

I want to set up a secure web server (https) using your OpenSSL toolkit & am
having some difficulty. I've checked the FAQ but it didn't give me what I
need (FYI I'm experienced in C, some experience of shell scripts / general
unix commands, no perl, experienced in general web principles but a relative
novice in security/encryption etc).

I (think) need to create a self signed certificate (ie not one from a
Verisign reseller) to give to a small number of users who will access our
web server for administration purposes.

I tried using

$openssl CA                     (can't remember the params as I'm at home presently)

but it complained that the random number generator wasn't seeded. I then
tried

$openssl rand -out rand.dat 4869
$openssl rand -??? rand.dat     (can't remember exact params but there are only 2)

in the hope that would create a file with random binary data in that I could
seed it with. It doesn't work. Can you help?

What are the main steps I need to go through? The FAQ answers specific
questions but doesn't really give a walkthru of common scenarios. This would
be really helpful as my business project relies on this aspect working. Many
thanks in advance.

PS. Environment = Sun E250 running Solaris 7 & a Sun Ultra10 running Solaris
8. make as delivered under solaris. Compiler = gcc.
--
Sean Gillings
Head of Development
Publicis Networks

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]