Announcement

Collapse
No announcement yet.

OpenSSL Command-prompt: unable to create a specifica self-signed certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • OpenSSL Command-prompt: unable to create a specifica self-signed certificate

    Hello.
    I don't know if this is the best forum for this but I hope so.
    After some studying I managed to create a self-signed certificate using OpenSSL command-prompt. However I don't know how to create it according to what was asked. I have used the following lines:

    1. To create a private RSA 1024 key:
    openssl genrsa -out PrivateKey.pem 1024

    2. To get the public key from the private one:
    openssl rsa -in PrivateKey.pem -out PublicKey.pem -outform PEM –pubout

    3. To create the request for my certificate:
    openssl -new -utf8 -key PrivateKey.pem -out Mine.Csr

    4. To self-sign my certificate:
    openssl x509 -req -sha1 -days 365 -in Mine.csr -signkey PrivateKey.Pem -out Mine.crt

    I've stopped when I tried to get what was asked for, ie, to create a self-signed certificate based on the private key with the following specifications:
    x.509 format (which it's solved)
    UTF-8 charset ( I think it's also solved )
    Base-64 Encoding ( I think it's solved taking into account that the keys are in PEM format )
    Endianess = Little Endian( not solved)
    OAEP Padding = PKCS1 v1.5 padding (not solved)
    Hash message format=SHA-1 (I think it is also solved)

    I've been looking for a solution since Wednesday, so please feel free to help me on this ( OpenSSL is an excellent service but lacks an active community or at least one that is easy to get to ).

    Thanks.

  • #2
    Re: OpenSSL Command-prompt: unable to create a specifica self-signed certificate

    I know this may not sound like a solution but why not purchase a cert from a trusted CA? Surely that would be easier considering the cheap price of certificates these days? Or is there a reason thaty you must use OpenSSL?

    Comment


    • #3
      Re: OpenSSL Command-prompt: unable to create a specifica self-signed certificate

      Hello, scurlaruntings.

      I was asked to do it using OpenSsl. At this moment I'm considering acquiring either a certificate as you suggested or purchasing a commercial software that will allow me to do it through a small application.

      Thanks.

      Comment


      • #4
        Re: OpenSSL Command-prompt: unable to create a specifica self-signed certificate

        Originally posted by CCharles View Post
        Hello, scurlaruntings.

        I was asked to do it using OpenSsl. At this moment I'm considering acquiring either a certificate as you suggested or purchasing a commercial software that will allow me to do it through a small application.

        Thanks.
        Theres a number of caveats involved when using self signed certificates. The certificate needs to be installed client side in order to be trusted and depending on your enviroment auto enrollment may have to be considered to ease the burden of this task. Additionally a certificate from a "Trusted CA" simply makes the job far easier for deployment. I would encourage you not to waste time on a self signed certificate as the number of caveats involved to get it to work isnt a productive use of time. Out of interest what platforms are you deploying this on client/server? Presumably you have OpenSSL already compiled on a linux distrubution of some sort?

        Comment


        • #5
          Re: OpenSSL Command-prompt: unable to create a specifica self-signed certificate

          The openssl mailing lists are here: http://openssl.org/support/community.html

          Just sign up and post the question there, there is an active an helpful community monitoring these
          Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

          BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

          Comment


          • #6
            Re: OpenSSL Command-prompt: unable to create a specifica self-signed certificate

            It will be in Windows.

            About the community of OpenSsl since it is based on mailing lists, I haven't posted there but maybe I will since you say it's an active community.

            Thank you all.

            Comment

            Working...
            X