Friday, July 24, 2009

OpenSSL CA-Infrastructure

Generate your own private key and make sure no one else ever gets access to it:
openssl genrsa -des3 -out private.key 2048

If you need your public key outside of a certificate, issue this command:
openssl rsa -in private.key -pubout -out public.key

To generate a certificate request for your key:
openssl req -new -key private.key -out certificate.csr

Now you should send your certificate request ONLY to the certification authority; someone on the other side will view your request:
openssl req -text -noout -in certificate.csr

and will then decide to sign your request, sending back a valid certificate:
openssl x509 -days 365 -in certificate.csr -out certificate.crt -sha1 -CA ca.crt -CAkey ca.key -req -extfile user.ext
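
The whole exchange above as one script, as an added example that is not from the original post: it also creates the throwaway ca.key/ca.crt and the user.ext file that the signing command takes for granted, then checks the certificate that comes back. The subjects, the demo-pass passphrase and demo.cnf are constructed for the demo, and it uses -aes256 and -sha256 where the post uses -des3 and -sha1.

```shell
#!/bin/sh
# Added example; every name, subject and passphrase below is constructed.
ca_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Minimal config so the run does not depend on the system openssl.cnf.
        cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
        # End-entity extensions: the signed certificate must not act as a CA.
        cat > user.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
        # CA side, done once: key and self-signed root certificate.
        openssl genrsa -out ca.key 2048 || exit 1
        openssl req -new -x509 -config demo.cnf -key ca.key -days 30 -sha256 -out ca.crt || exit 1
        # Requester side: encrypted key, public key, CSR (pass: is for the demo only).
        openssl genrsa -aes256 -passout pass:demo-pass -out private.key 2048 || exit 1
        openssl rsa -in private.key -passin pass:demo-pass -pubout -out public.key || exit 1
        openssl req -new -config demo.cnf -key private.key -passin pass:demo-pass \
            -subj "/CN=user.example.test" -out certificate.csr || exit 1
        # CA side: check the CSR self-signature, then sign it.
        openssl req -verify -noout -in certificate.csr || exit 1
        openssl x509 -req -days 365 -sha256 -in certificate.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -extfile user.ext -out certificate.crt || exit 1
        # Requester side: chain, key binding and extensions of what came back.
        openssl verify -CAfile ca.crt certificate.crt || exit 1
        want=$(openssl rsa -pubin -in public.key -noout -modulus) || exit 1
        got=$(openssl x509 -in certificate.crt -noout -modulus) || exit 1
        [ "$want" = "$got" ] || exit 1
        openssl x509 -in certificate.crt -noout -text | grep -q "CA:FALSE" || exit 1
    ) >/dev/null 2>&1
    rc=$?
    rm -rf "$dir"
    return $rc
}
ca_demo && echo "certificate chains to the demo CA and matches the key"
```

In real use the two sides run on different machines: only certificate.csr travels to the CA and only certificate.crt travels back, while private.key and ca.key never leave their owners.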