This shows you the differences between two versions of the page.
en:linux:openssl [2011/01/11 23:01] matthieu [Public/Private Key mecanism] |
en:linux:openssl [2011/01/11 23:06] (current) matthieu [Generate the CRL] |
||
---|---|---|---|
Line 122: | Line 122: | ||
===== Sign a certificate with a second one ====== | ===== Sign a certificate with a second one ====== | ||
- | How to sign a certificate with a CA. Warning, this way doesn't allow to manage a Certificate Revocation List (CRL) | + | How to sign a certificate with a CA.\\ |
+ | :!: This method doesn't allow to manage a Certificate Revocation List (CRL) | ||
Command : | Command : | ||
Line 231: | Line 232: | ||
- | ==== View details of a ceritificate request (CSR) ==== | + | ==== View details of a certificate request (CSR) ==== |
Command : | Command : | ||
openssl req -in newcsr.csr -text -noout | openssl req -in newcsr.csr -text -noout | ||
Line 272: | Line 273: | ||
===== Create a mini Certificate Autority (CA) ===== | ===== Create a mini Certificate Autority (CA) ===== | ||
- | We will now create a CA to sign some certificates. This CA will be stored in ///etc/ssl/ca_bouthors.fr/// | + | We will now create a CA to sign some certificates. This CA will be stored into ///etc/ssl/ca_bouthors.fr/// |
- | The command //openssl ca// allow to manage CA. | + | The command //openssl ca// allows to manage a CA. |
Line 489: | Line 490: | ||
</file> | </file> | ||
- | Ne pas oublier de changer la configuration par défaut : | + | Don't forget to change the default config : |
default_ca = CA_BOUTHORS.FR # The default ca section | default_ca = CA_BOUTHORS.FR # The default ca section | ||
Line 521: | Line 522: | ||
==== Create the CA ==== | ==== Create the CA ==== | ||
- | Generate a self signed ceritificate, as explained here : [[#Create a self signed certificate]] | + | Generate a self signed certificate, as explained here : [[#Create a self signed certificate]] |
<code> | <code> | ||
Line 685: | Line 686: | ||
==== Generate the CRL ==== | ==== Generate the CRL ==== | ||
- | Commanda : | + | Command : |
openssl ca -gencrl -out crl.pem | openssl ca -gencrl -out crl.pem | ||