|Mike Leone on 29 Oct 2010 08:22:00 -0700|
I need to issue self-signed certificates for the various webservers in my organization to use (for internal use only). And I'm confused by the documentation and examples.
Using Ubuntu 9.10. So I created a new Certificate Authority, by following <https://help.ubuntu.com/community/OpenSSL/>. And so I did a

    openssl req -x509 -newkey rsa:2048 -out Internal-CA-cert.pem -outform PEM -days 3650

And so I now have a cert and private key (called Internal-CA-Private-Key.pem, so I know at a glance what it is :-) for my new CA. And I've modified the openssl.cnf "CA_default" section to use those names:

    certificate = $dir/Internal-CA-cert.pem
    private_key = $dir/private/Internal-CA-Private-Key.pem

At this point, I should be able to process cert requests from my webservers (all of which run Windows, and use WebLogic as a webserver), and issue them signed certs. So here's where I am confused.
I know there is the CA.pl utility I can use to do this, by just "CA.pl -sign". Quick and simple, just the way I like 'em. But how/where do I specify the request file name? It seems to expect the request to be in a file called "newreq.pem" (not that I see that in the documentation, but it only works if the file is that name).
And I want it to prompt me for the name, rather than forcing me to rename each request file to be "newreq.pem", so I can track which servers I've processed requests from. And I want to be prompted for the cert name to save, for the same reason - I don't want to be renaming "newcert.pem" each time.
I can't seem to figure out what I need to change, in order to be prompted for the cert request name, and for the signed certificate name. Do I need to be editing CA.pl or something?
I'm doing this from a VM that only has a command line environment, not a GUI, otherwise I thought about using TinyCA.
Thoughts/suggestions?

--
Michael J. Leone, <mailto:firstname.lastname@example.org>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
Network apparatchik and all-around drudge.
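
One way to get the behaviour asked for above, as an added example that is not part of the original message or of OpenSSL's own scripts: call `openssl ca` directly, which takes the request and certificate file names through `-in` and `-out`, so nothing has to be renamed to newreq.pem or newcert.pem. The `CA_CONF` variable, the function names and the `-i` switch are assumptions of this example; it relies on the "CA_default" section already naming the CA certificate and key as described in the message.

```shell
#!/bin/sh
# Added example: sign a named CSR with "openssl ca" instead of CA.pl.
# CA_CONF is an assumed variable; it defaults to Ubuntu's system-wide
# openssl.cnf, whose CA_default section names the CA cert and private key.
CA_CONF=${CA_CONF:-/etc/ssl/openssl.cnf}

# sign_request REQUEST CERT [extra "openssl ca" options, e.g. -batch]
sign_request() {
    [ "$#" -ge 2 ] || { echo "usage: sign_request REQUEST CERT" >&2; return 1; }
    req=$1; cert=$2; shift 2
    [ -r "$req" ] || { echo "cannot read request: $req" >&2; return 2; }
    # Never clobber a certificate that was already issued under this name.
    [ ! -e "$cert" ] || { echo "refusing to overwrite: $cert" >&2; return 3; }
    # Parse the CSR and show whose name is about to be certified.
    openssl req -in "$req" -noout -subject ||
        { echo "not a valid certificate request: $req" >&2; return 4; }
    # "openssl ca" checks the CSR's self-signature itself and, without
    # -batch, asks for confirmation before it signs and commits.
    openssl ca -config "$CA_CONF" -notext "$@" -in "$req" -out "$cert" &&
        [ -s "$cert" ] || { rm -f "$cert"; return 5; }
}

# Prompt for both file names, one pair per web server request.
prompt_and_sign() {
    printf 'Request file to sign: '; read -r req_name
    printf 'Certificate file to write: '; read -r cert_name
    sign_request "$req_name" "$cert_name"
}

# "-i" prompts; two or more arguments sign directly; with no arguments the
# file only defines the functions, so it can also be sourced.
case "${1:-}" in
    -i) prompt_and_sign ;;
    '') : ;;
    *)  sign_request "$@" ;;
esac
```

The signed certificate is also copied by `openssl ca` into the CA's `new_certs_dir` under its serial number and recorded in the index file, so the issuing history is kept regardless of the output name chosen.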