[PLUG] Issue and self-sign internal certificates

Mike Leone on 29 Oct 2010 08:22:00 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Issue and self-sign internal certificates

From: Mike Leone <turgon@mike-leone.com>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: [PLUG] Issue and self-sign internal certificates

Date: Fri, 29 Oct 2010 11:21:52 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6

I'm need to issue self-signed certificates for the various webservers inmy organization to use (for internal use only). And I'm confused by thedocumentation and examples.
Using Ubuntu 9.10 So I created a new Certificate Authority, by following <https://help.ubuntu.com/community/OpenSSL/>. And so I did a
openssl req -x509 -newkey rsa:2048 -out Internal-CA-cert.pem -outformPEM -days 3650

And so I now have a cert and private key (calledInternal-CA-Private-Key.pem, so I know at a glance what it is :-) for mynew CA. And I've modified the openssl.cnf "CA_default" section to usethose names
certificate = $dir/Internal-CA-cert.pem private_key = $dir/private/Internal-CA-Private-Key.pem
At this point, I should be able to process cert requests from mywebservers (all of which run Windows, and use WebLogic as a webserver),and issue them signed certs. So here's where I am confused.

I know there is the CA.pl utility I can use to this, by just "CA.pl-sign". Quick and simple, just the way I like'em. But how/where do Ispecify the request file name? It seems to expect the request to be in afile called "newreq.pem" (not that I see that in the documentation, butit only works if the file is that name).

And I want it to prompt me for the name, rather than forcing me torename each request file to be "newreq,pem", so I can track whichservers I've processed requests from. And I want to be prompted for thecert name to save, for the same reason - I don't want to be renaming"newcert.pem" each time.

I can't seem to figure out what I need to change, in order to beprompted for the cert request name, and for the signed certificate name.Do I need to be editing CA.pl or something?

I'm doing this from a VM that only has a command line environment, notGUI, otherwise I thought about using TinyCA.
Thoughts/suggestions? -- Michael J. Leone, <mailto:turgon@mike-leone.com> PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos> Network apparatchik and all-around drudge. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Issue and self-sign internal certificates
From: Gordon Dexter <gordon.m.dexter@drexel.edu>

Prev by Date: Re: [PLUG] ATT/bellsouth.net email problem

Next by Date: Re: [PLUG] ATT/bellsouth.net email problem

Previous by thread: Re: [PLUG] ATT/bellsouth.net email problem

Next by thread: Re: [PLUG] Issue and self-sign internal certificates

Index(es):

Date

Thread