This shows you the differences between two versions of the page.
en:linux:openssl [2011/01/11 22:57] matthieu [Public/Private Key mecanism] |
en:linux:openssl [2011/01/11 23:06] (current) matthieu [Generate the CRL] |
||
---|---|---|---|
Line 15: | Line 15: | ||
Keys are complementary, any data encrypted by the private key can be read with the public key, any data encrypted with the public key can only be read with the private key. | Keys are complementary, any data encrypted by the private key can be read with the public key, any data encrypted with the public key can only be read with the private key. | ||
- | The goal of the certificate is to prove the identity of the public key. The Certificate Autority entrust that the public key belong the given website. | + | The goal of the certificate is to prove the identity of the public key. The Certificate Autority vouch that the public key belong to the given website. |
A certificate is signed by the private key of the Certificate Autority, the browser use the public key of the CA to check the validity of the website certificate. | A certificate is signed by the private key of the Certificate Autority, the browser use the public key of the CA to check the validity of the website certificate. | ||
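Review bot: The changed line "The Certificate Autority vouch that the public key belong to the given website" still has two agreement errors and the misspelling "Autority", which recurs in the unchanged line below it. Suggest "The Certificate Authority vouches that the public key belongs to the given website". It would also be more precise to say the certificate binds the public key to an identity than to say it will "prove the identity of the public key".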
Line 122: | Line 122: | ||
===== Sign a certificate with a second one ====== | ===== Sign a certificate with a second one ====== | ||
- | How to sign a certificate with a CA. Warning, this way doesn't allow to manage a Certificate Revocation List (CRL) | + | How to sign a certificate with a CA.\\ |
+ | :!: This method doesn't allow to manage a Certificate Revocation List (CRL) | ||
Command : | Command : | ||
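Review bot: The new warning line says this method cannot manage a CRL but does not tell the reader which method can. Suggest linking it to the "Create a mini Certificate Autority (CA)" section, which introduces the "openssl ca" command that the "Generate the CRL" section relies on. The heading in this hunk also has unbalanced markers (five "=" before the title, six after), and "doesn't allow to manage" reads better as "doesn't allow managing".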
Line 231: | Line 232: | ||
- | ==== View details of a ceritificate request (CSR) ==== | + | ==== View details of a certificate request (CSR) ==== |
Command : | Command : | ||
openssl req -in newcsr.csr -text -noout | openssl req -in newcsr.csr -text -noout | ||
Line 272: | Line 273: | ||
===== Create a mini Certificate Autority (CA) ===== | ===== Create a mini Certificate Autority (CA) ===== | ||
- | We will now create a CA to sign some certificates. This CA will be stored in ///etc/ssl/ca_bouthors.fr/// | + | We will now create a CA to sign some certificates. This CA will be stored into ///etc/ssl/ca_bouthors.fr/// |
- | The command //openssl ca// allow to manage CA. | + | The command //openssl ca// allows to manage a CA. |
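Review bot: "stored into" on the first changed line is a step back from the original "stored in", and "allows to manage a CA" on the second is still ungrammatical. Suggest keeping "stored in" and writing "The command //openssl ca// is used to manage a CA". The heading above keeps "Autority"; if it is corrected to "Authority" in the same pass, any section links that point to this heading need the same change.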
Line 489: | Line 490: | ||
</file> | </file> | ||
- | Ne pas oublier de changer la configuration par défaut : | + | Don't forget to change the default config : |
default_ca = CA_BOUTHORS.FR # The default ca section | default_ca = CA_BOUTHORS.FR # The default ca section | ||
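Review bot: "Don't forget to change the default config" does not say which file or section the "default_ca" line belongs to. Suggest naming the OpenSSL configuration file being edited and stating that "default_ca" sits in its "[ ca ]" section and must name the section that holds this CA's settings, since "openssl ca" reads its settings from the section named there.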
Line 521: | Line 522: | ||
==== Create the CA ==== | ==== Create the CA ==== | ||
- | Generate a self signed ceritificate, as explained here : [[#Create a self signed certificate]] | + | Generate a self signed certificate, as explained here : [[#Create a self signed certificate]] |
<code> | <code> | ||
Line 685: | Line 686: | ||
==== Generate the CRL ==== | ==== Generate the CRL ==== | ||
- | Commanda : | + | Command : |
openssl ca -gencrl -out crl.pem | openssl ca -gencrl -out crl.pem | ||
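Review bot: The command "openssl ca -gencrl -out crl.pem" is given with no "-config" or "-name" option, so it relies on the default configuration file and on the "default_ca = CA_BOUTHORS.FR" edit shown in the earlier section; the text here should say so. A follow-up line in the style of the CSR section, "openssl crl -in crl.pem -text -noout", would let readers confirm the issuer and next-update date of the CRL they just generated.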