FCL/sf/mw/appinstall: installationservices/swi/test/tsisfile/data/signedsis/Howto generate certificate chains.txt@8b7f4e561641 (annotated)

0 ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1	This file replaces the old generate_certs.bat, which provided incorrect information.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	2
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	3	To generate certificate chains using the existing roots, you must issue some subset of the following commands:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	4
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	5	For DSA Key pairs, first generate a set of DSA key parameters:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	6	# openssl dsaparam -out dsaparam.pem 512
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	7
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	8	Next, generate a certificate request: (this assumes you are using one of the existing config files)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	9
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	10	For DSA Certificates:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	11	# openssl req -newkey dsa:dsaparams.pem -nodes -out dsa.req -keyout dsa.key -config dsa.config -days 3650
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	12
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	13	For RSA Certificates:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	14	# openssl req -newkey rsa:512 -nodes -out rsa.req -keyout rsa.key -config rsa.config -days 3650
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	15
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	16	Finally, generate a signed certificate from the request:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	17
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	18	# openssl x509 -req -in <request file> -out cert.cer -CA <signing certificate> -CAKey <signing key> -CASerial cert.srl -CAcreateserial -days 3650 -extfile <config file> -extensions v3_ca
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	19
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	20	For intermediate certificates for use in SWIS, the extensions must be present as defined in this config section:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	21
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	22	[v3_ca]
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	23	subjectKeyIdentifier=hash
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	24	authorityKeyIdentifier=keyid:always,issuer:always
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	25	basicConstraints=critical,CA:TRUE, pathlen:5
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	26	keyUsage=critical,keyCertSign
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	27
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	28	If these extensions are not present, and installation signed with the resulting certificate as anything other than the end entity will fail.

author	Pat Downey <patd@symbian.org>
	Wed, 01 Sep 2010 12:22:02 +0100
branch	RCL_3
changeset 66	8b7f4e561641
parent 0	ba25891c3a9e
permissions	-rw-r--r--