gmallard edited this page Mar 5, 2012 · 2 revisions

Create the Server Key and Certificate

Create the Server's Private Key

Enter the command:

openssl genrsa -out server.key 2048

This creates the server's private key (file server.key).

Create a CSR for the Server Certificate

Enter the command:

openssl req -new -key server.key -out server.csr

You will again be prompted for information to be included in the CSR. Example:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Florida
Locality Name (eg, city) []:Orlando
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Internet Widgets Pty Ltd
Organizational Unit Name (eg, section) []:Server Center
Common Name (eg, YOUR name) []:localhost
Email Address []:server@iwpl.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:

This produces a CSR for the server's certificate (server.csr).

OpenSSL Housekeeping

Before you can sign any certificates with the Test CA, you must create the directory structure that openssl ca expects. This is where openssl keeps its signing database: copies of the issued certificates, the index file, and the serial number counter.

Enter the following commands:

mkdir -p demoCA/newcerts
touch demoCA/index.txt
echo "01" > demoCA/serial

Sign the CSR for the Server

Enter the command:

openssl ca -in server.csr -cert TestCA.crt -keyfile TestCA.key -out server.crt

Information about the CSR will be presented, and you will be prompted whether or not to sign the certificate. You will then be prompted a second time to commit the request to the signing database. An example follows:

Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Mar  4 18:43:37 2012 GMT
            Not After : Mar  4 18:43:37 2013 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = Florida
            organizationName          = Internet Widgets Pty Ltd
            organizationalUnitName    = Server Center
            commonName                = localhost
            emailAddress              = server@iwpl.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                83:40:59:36:F7:59:B9:A8:31:DD:01:4B:16:EA:80:0E:03:BB:12:0D
            X509v3 Authority Key Identifier: 
                DirName:/C=US/ST=Florida/L=Orlando/O=Internet Widgets Pty Ltd/OU=Headquarters/CN=localhost/emailAddress=pres@iwpl.com
                serial:B6:4A:01:B0:64:DF:4D:2A

Certificate is to be certified until Mar  4 18:43:37 2013 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
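The steps on this page (server key, CSR, CA housekeeping, signing), carried out non-interactively in one POSIX shell script. This is an added example, not part of the wiki page or the project. It differs from the page in ways that are assumptions of the example, not of the wiki: -subj and -batch replace the interactive prompts; a small private openssl config file (test-openssl.cnf, a name chosen here) replaces the system /usr/lib/ssl/openssl.cnf so the signing policy and extensions are pinned rather than inherited from the distribution; because TestCA.key and TestCA.crt come from an earlier wiki page, a throwaway self-signed Test CA with its own Common Name is generated first so the script stands alone. It also goes beyond the page by adding a subjectAltName for localhost (TLS clients no longer match the hostname against the Common Name) and by checking the result with openssl verify, which the page does not do.

```shell
#!/bin/sh
# Added example: the wiki's interactive openssl steps as a reproducible script.
set -eu

# Minimal config carrying the sections `openssl req` and `openssl ca` read.
# Assumption: the wiki uses the system openssl.cnf; this file is ours.
write_openssl_config() {
    cat > test-openssl.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions    = ca_ext

[ req_dn ]
commonName = Common Name

# Extensions for the throwaway self-signed Test CA.
[ ca_ext ]
basicConstraints       = critical, CA:TRUE
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
keyUsage               = critical, keyCertSign, cRLSign

[ ca ]
default_ca = test_ca

# The demoCA layout the wiki's housekeeping commands create.
[ test_ca ]
dir              = ./demoCA
new_certs_dir    = $dir/newcerts
database         = $dir/index.txt
serial           = $dir/serial
default_md       = sha256
default_days     = 365
policy           = policy_any
x509_extensions  = server_ext

[ policy_any ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

# Extensions stamped on the server certificate; SAN added beyond the page.
[ server_ext ]
basicConstraints       = CA:FALSE
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer
subjectAltName         = DNS:localhost
EOF
}

# Assumption: the wiki's earlier page produced TestCA.key/TestCA.crt; a
# self-signed CA is generated here so the example runs on its own.
create_test_ca() {
    openssl genrsa -out TestCA.key 2048 2>/dev/null
    openssl req -new -x509 -config test-openssl.cnf -key TestCA.key \
        -out TestCA.crt -days 365 \
        -subj "/C=US/ST=Florida/L=Orlando/O=Internet Widgets Pty Ltd/OU=Headquarters/CN=Test CA/emailAddress=pres@iwpl.com"
}

# Steps 1 and 2 of the page: server private key, then the CSR with the
# same subject the page types at the prompts.
create_server_key_and_csr() {
    openssl genrsa -out server.key 2048 2>/dev/null
    openssl req -new -config test-openssl.cnf -key server.key -out server.csr \
        -subj "/C=US/ST=Florida/L=Orlando/O=Internet Widgets Pty Ltd/OU=Server Center/CN=localhost/emailAddress=server@iwpl.com"
}

# Step 3 of the page, verbatim.
openssl_housekeeping() {
    mkdir -p demoCA/newcerts
    touch demoCA/index.txt
    echo "01" > demoCA/serial
}

# Step 4 of the page; -batch answers both y/n prompts.
sign_server_csr() {
    openssl ca -batch -config test-openssl.cnf -in server.csr \
        -cert TestCA.crt -keyfile TestCA.key -out server.crt
}

# Chain check: prints "server.crt: OK" when the Test CA signed it.
verify_server_cert() {
    openssl verify -CAfile TestCA.crt server.crt
}

# Returns 0 when the issued certificate carries the localhost SAN.
server_cert_has_san() {
    openssl x509 -in server.crt -noout -text | grep -q 'DNS:localhost'
}

# Run everything in a scratch directory so nothing in the cwd is touched.
run_demo() {
    workdir=$(mktemp -d)
    cd "$workdir"
    write_openssl_config
    create_test_ca
    create_server_key_and_csr
    openssl_housekeeping
    sign_server_csr
    verify_server_cert
    if server_cert_has_san; then echo "subjectAltName DNS:localhost present"; fi
}

if command -v openssl >/dev/null 2>&1; then
    run_demo
else
    echo "openssl binary not found; nothing to do" >&2
fi
```

After it runs, demoCA/index.txt holds one line for the issued certificate and demoCA/serial has advanced to 02, which is the state the wiki's "Data Base Updated" message refers to.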