author | Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> |
Thu, 17 Dec 2009 08:51:10 +0200 | |
changeset 0 | ba25891c3a9e |
permissions | -rw-r--r-- |
0
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1 |
# To create a RSA root cerificate need to following two steps: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
2 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
3 |
1. Create a private key for the CA: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
4 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
5 |
openssl req -nodes -newkey rsa:1024 -keyout <key file> -out <CA req file> -config <config file> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
6 |
The config file is input parameter, and should be present in advance. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
7 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
8 |
Example: openssl req -nodes -newkey rsa:1024 -keyout cakey.pem -out careq.pem -config rsa.config |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
9 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
10 |
2. Create the CA certificate: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
11 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
12 |
openssl x509 -req -in <CA req> -extfile <config file> -extensions v3_ca -signkey <key file> -out <CA cert file> -days 3650 |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
13 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
14 |
Example: openssl x509 -req -in careq.pem -extfile rsa.config -extensions v3_ca -signkey cakey.pem -out cacert.pem -days 3650 |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
15 |