On Wed, 2009-04-29 at 17:27 -0400, Fortunato wrote:
Hello again.
In advance, I apologize for the basic questions but I'm trying to follow along with
the openssl examples.
Signing a CSR is relatively easy using openssl, so I'm wondering if there's a
similar CLI command (with options) in DCS.
from
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
Creating a Certificate
A valid certificate must be issued by a trusted CA. If a CA key pair is
not available, you can create a self-signed certificate (for purposes of
illustration) with the -x argument. This example creates a new binary,
self-signed CA certificate named myissuer, in the specified directory.
certutil -S -s "CN=My Issuer" -n myissuer -x -t "C,C,C" -1 -2 -5 -m 1234 -f password-file -d certdir
The following example creates a new binary certificate named mycert.crt,
from a binary certificate request named mycert.req, in the specified
directory. It is issued by the self-signed certificate created above,
myissuer.
certutil -C -m 2345 -i mycert.req -o mycert.crt -c myissuer -d certdir
---
# openssl ca -in /root/CA/cisco1.csr -extensions x509v3_extensions -out /root/CA/cisco1.pem -notext
Using configuration from /root/CA/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'Stargate Command Domain'
commonName :PRINTABLE:'cisco1.stargatecommand.mil'
Certificate is to be certified until Apr 24 17:15:41 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
---
The only thing similar I can find is CMCenroll, but it looks like it can't specify
the signing cert as specified in OPENSSL_CONF.
I'm doing reading on the end-entity (EE) versus agent services. Automation is great
but I'd like to cover the basics using the CLI. It is Linux BTW. :)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chandrasekar Kannan -- ckannan(a)redhat.com
Quality Engineering --
http://www.redhat.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~