
OpenSSL - certificates to secure traffic in DMZ

  • 11-06-2007 1:42pm
    #1
    Closed Accounts Posts: 96 ✭✭


    Hi,

    I need to create a csr to send to a certificate authority so I can get a cert to secure traffic in a dmz.

    How do I create the certificate request?
    I think I need to use openssl.

    Can I create a certificate request from my PC using openssl and send to CA then import the cert I get back in pkcs12 format on to the dmz server?

    Thks,

    TC


Comments

  • Closed Accounts Posts: 97 ✭✭koloughlin


    You can certainly use openssl to generate your private key and from that your certificate request. It doesn't matter which machine you use to do this, but you will need to move the private key over to the dmz machine once you receive the certificate back from the certifying authority. The certificate you get will only work with the private key you used when generating your certificate request.


  • Closed Accounts Posts: 96 ✭✭anon1


    What openssl commands can I use to generate the private key and csr?


  • Closed Accounts Posts: 97 ✭✭koloughlin


    This is the first thing google throws out http://www.openssl.org/docs/HOWTO/certificates.txt. You might want to google a little. The last time I had to do this there was tons of information on this out there.


  • Closed Accounts Posts: 96 ✭✭anon1


    Everything seems to go well until I try to create a p12 format cert from the CA cert and the private key I used to create the csr.
    I get error:

    No certificate matches private key


  • Closed Accounts Posts: 97 ✭✭koloughlin


    Could you copy and paste in here all you've done so far?


  • Closed Accounts Posts: 96 ✭✭anon1


    C:\OpenSSL\bin>

    Create Private key:
    openssl genrsa -des3 -out crx1key.pem 1024
    PassPhrase: *********

    View contents of the private key:
    openssl rsa -noout -text -in crx1key.pem

    Create CSR:
    openssl req -new -key crx1key.pem -out crx1csr.pem -days 365

    Verify the contents of the CSR:
    openssl req -noout -text -in crx1csr.pem

    Sent CSR to Certificate Authority.

    I backed up private key at start this time.


  • Closed Accounts Posts: 97 ✭✭koloughlin


    What format was the certificate you received back from the certifying authority? When did you get the error? Can you post that code?


  • Closed Accounts Posts: 96 ✭✭anon1


    Get cert back from CA in an email. I copy and paste that into notepad and save as crx1cert.cer

    C:\OpenSSL\bin>openssl pkcs12 -export -in crx1cert.cer -inkey crx1key.pem -out crx1.p12
    Loading 'screen' into random state - done
    Enter pass phrase for crx1key.pem:
    No certificate matches private key


  • Closed Accounts Posts: 97 ✭✭koloughlin


    The certifying authorities can provide the cert in different formats. I copied what you did and issued a cert for myself in x509 format to try. Everything worked ok, including the conversion to pkcs12.

    Which certifying authority did you get it from? Does it say on their website or in the email what format the cert is in? What do the BEGIN and END lines of the cert say? Can you post the cert you received (just don't post your private key:D )?
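
The questions in the last reply (what the BEGIN and END lines say, and whether the pasted file is an x509 certificate at all) can be checked before running `openssl pkcs12 -export`. The following is an added example, not part of the original thread; the function names and the sample data are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END ([A-Z0-9 ]+)-----", re.S)

# PEM labels a file pasted from a CA email might carry.
KINDS = {
    "CERTIFICATE": "x509 certificate",
    "PKCS7": "pkcs7 bundle, not a bare certificate",
    "CERTIFICATE REQUEST": "CSR, not an issued certificate",
    "NEW CERTIFICATE REQUEST": "CSR, not an issued certificate",
    "RSA PRIVATE KEY": "private key, belongs with -inkey",
}

# Constructed sample: a 5-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])


def armor(label, der):
    """Wrap DER bytes in PEM BEGIN/END lines (used to build sample input)."""
    body = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def inspect_pasted(text):
    """Return (label, kind, problems) for every PEM block found in text."""
    results = []
    for begin, body, end in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # e.g. Proc-Type, DEK-Info
        problems = ["BEGIN/END labels differ"] if begin != end else []
        try:
            der = base64.b64decode(
                "".join(ln for ln in lines if ":" not in ln), validate=True)
        except ValueError:
            der = b""
            problems.append("body is not valid base64")
        # An encrypted key body is ciphertext, so only check unencrypted blocks.
        if der and not headers and der[0] != 0x30:
            problems.append("decoded data does not start with a DER SEQUENCE")
        results.append((begin, KINDS.get(begin, "unknown"), problems))
    return results


def usable_as_cert(text):
    """True if text holds at least one clean CERTIFICATE block."""
    return any(label == "CERTIFICATE" and not problems
               for label, _, problems in inspect_pasted(text))
```

An empty result from `inspect_pasted` means the file has no BEGIN/END lines at all, for example when only the base64 body was copied out of the email.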

