Thursday, January 24, 2008

A request to a certificate authority using OpenSSL

Getting your certificate signed by a recognized certificate authority consists of two steps. First you generate a certificate request locally. Then you fill in a form with some information and send it to the CA. Here we describe how to generate such a request using OpenSSL.
First you need to generate a private key. If you already have a private key, skip this step.

%openssl genrsa -out x.key 1024

Then use that private key to generate your request to the CA.

%openssl req -new -key x.key -out request.pem

This will create a file called request.pem from the private key (x.key). The request file has the following format.

-----BEGIN CERTIFICATE REQUEST-----
(Base64 encoded certificate request data)
-----END CERTIFICATE REQUEST-----

Then you have to provide your information to the certificate authority. Usually this can be done by sending a fax or by filling in an on-line application. Make sure that you are sending accurate information and, in particular, check your request and the information in it. Use the following commands for verification.

%openssl req -noout -text -in request.pem
%openssl req -noout -verify -key x.key -in request.pem
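
The same checks can be scripted before the request goes to the CA. This is an added example, not part of the original post: `-verify` confirms the request's self-signature, and the script also compares the public key in the request with the one derived from x.key and checks the key size. The function names, the constructed subject and the 2048-bit minimum are assumptions.

```shell
#!/bin/sh
# Added example: pre-submission checks for a CSR (file names follow the post).

# Print the key size in bits recorded in the request.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the request's self-signature verifies.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeed only if the public key in the request belongs to the private key.
csr_matches_key() {   # usage: csr_matches_key x.key request.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Run all checks; min_bits is an assumed policy value (default 2048).
check_csr() {         # usage: check_csr x.key request.pem [min_bits]
    min_bits=${3:-2048}
    csr_signature_ok "$2" || { echo "self-signature does not verify" >&2; return 1; }
    csr_matches_key "$1" "$2" || { echo "request was not made from this key" >&2; return 1; }
    bits=$(csr_bits "$2")
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "key is ${bits:-?} bits, want >= $min_bits" >&2; return 1; }
    openssl req -in "$2" -noout -subject   # the identity the CA will see
}

# Demo on constructed data in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/x.key" 2048 2>/dev/null
    openssl req -new -key "$d/x.key" -out "$d/request.pem" \
        -subj "/C=US/O=Example Org/CN=www.example.com"   # constructed subject
    check_csr "$d/x.key" "$d/request.pem"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

A request built from the 1024-bit key generated above fails the size check unless a lower minimum is passed as the third argument.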
