OpenSSL - certificates to secure traffic in DMZ

  • 11-06-2007 02:42PM
    #1
    Closed Accounts Posts: 96 ✭✭


    Hi,

    I need to create a csr to send to a certificate authority so I can get a cert to secure traffic in a dmz.

    How do I create the certificate request?
    I think I need to use openssl.

    Can I create a certificate request from my PC using openssl and send to CA then import the cert I get back in pkcs12 format on to the dmz server?

    Thks,

    TC


Comments

  • Closed Accounts Posts: 97 ✭✭koloughlin


    You can certainly use openssl to generate your private key and from that your certificate request. It doesn't matter which machine you use to do this, but you will need to move the private key over to the dmz machine once you receive the certificate back from the certifying authority. The certificate you get will only work with the private key you used when generating your certificate request.


  • Closed Accounts Posts: 96 ✭✭anon1


    What openssl commands can I use to generate the private key and csr?


  • Closed Accounts Posts: 97 ✭✭koloughlin


    This is the first thing google throws out http://www.openssl.org/docs/HOWTO/certificates.txt. You might want to google a little. The last time I had to do this there was tons of information on this out there.


  • Closed Accounts Posts: 96 ✭✭anon1


    Everything seems to go well until I try to create a p12 format cert from the CA cert and the private key I used to create the csr.
    I get error:

    No certificate matches private key


  • Closed Accounts Posts: 97 ✭✭koloughlin


    Could you copy and paste in here all you've done so far?


  • Closed Accounts Posts: 96 ✭✭anon1


    C:\OpenSSL\bin>

    Create Private key:
    openssl genrsa -des3 -out crx1key.pem 1024
    PassPhrase: *********

    View contents of the private key:
    openssl rsa -noout -text -in crx1key.pem

    Create CSR:
    openssl req -new -key crx1key.pem -out crx1csr.pem -days 365

    Verify the contents of the CSR:
    openssl req -noout -text -in crx1csr.pem

    Sent CSR to Certificate Authority.

    I backed up private key at start this time.


  • Closed Accounts Posts: 97 ✭✭koloughlin


    What format was the certificate you received back from the certifying authority? When did you get the error? Can you post that code?


  • Closed Accounts Posts: 96 ✭✭anon1


    Get cert back from CA in an email; I copy and paste that into notepad and save as crx1cert.cer

    C:\OpenSSL\bin>openssl pkcs12 -export -in crx1cert.cer -inkey crx1key.pem -out crx1.p12
    Loading 'screen' into random state - done
    Enter pass phrase for crx1key.pem:
    No certificate matches private key


  • Closed Accounts Posts: 97 ✭✭koloughlin


    The certifying authorities can provide the cert in different formats. I copied what you did and issued a cert for myself in x509 format to try. Everything worked ok, including the conversion to pkcs12.

    Which certifying authority did you get it from? Does it say on their website or in the email what format the cert is in? What do the BEGIN and END lines of the cert say? Can you post the cert you received (just don't post your private key:D )?
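
The two checks the thread circles around (what format the returned file is in, and whether its public key is the one in the private key), as an added example that is not part of the original posts. The file names, the CN and the self-signed certificate standing in for a CA-issued one are constructed; the keys here are unencrypted, whereas a key made with -des3 will prompt for its passphrase.

```shell
#!/bin/sh
# Added example: diagnose "No certificate matches private key" before running
# openssl pkcs12 -export. All sample files below are constructed.

# SHA-256 of the DER SubjectPublicKeyInfo read as a PEM public key on stdin.
spki_digest() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}
# Digest of the public key inside a certificate; fails if the file does not parse.
cert_pub_digest() {
    cpub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$cpub" | spki_digest
}
# Digest of the public key derived from a private key; fails if the key does not parse.
key_pub_digest() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$kpub" | spki_digest
}
# True only when both files parse and carry the same public key.
cert_matches_key() {
    c=$(cert_pub_digest "$1") || return 1
    k=$(key_pub_digest "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}
# Report the container format from the BEGIN line, falling back to a DER parse.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo pem-x509
    elif grep -q -- '-----BEGIN PKCS7-----' "$1"; then echo pem-pkcs7
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then echo der-x509
    else echo unknown; fi
}

demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/key.pem" 2048 2>/dev/null     # key used for the request
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null   # a different, regenerated key
    openssl req -new -x509 -key "$d/key.pem" -subj "/CN=crx1.example" \
        -days 1 -out "$d/cert.pem" 2>/dev/null            # stand-in for the CA's reply
    echo "cert format: $(cert_format "$d/cert.pem")"
    for k in key other; do
        if cert_matches_key "$d/cert.pem" "$d/$k.pem"; then echo "$k.pem: matches cert"
        else echo "$k.pem: does NOT match cert"; fi
    done
    rm -rf "$d"
}
demo
```

A pem-pkcs7 result means the reply is a certificate bundle rather than a single X.509 certificate; `openssl pkcs7 -print_certs -in FILE` lists the certificates inside it.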

