Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client

Paul Jungwirth on 22 Dec 2014 08:03:31 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client

From: Paul Jungwirth <once@9stmaryrd.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Date: Mon, 22 Dec 2014 07:57:11 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:in-reply-to:references:from:date :message-id:subject:to:content-type:content-transfer-encoding; bh=bpo4KXbcZ/+PpCcX0Mi2aCD5T+nqdFMimjQ41bm20jY=; b=MVFM+AG3R+GaFnwDj5sPMk+JuVNxzSnxrDg7Z2zJugkn3gKL3R5mGMfj56DoWJCwyI v4y9MXVW6OKppbE9H4daTIAkfAeBx8AXFmExtSGJFpLB972Myl8d+1tcyfSdCYE2ZW7G 7WTOoapfaFzFFFMbomHWB0R0u0AhBS7i6DzfcOfDJZ1NKyjhQPAAFl09zzxwO6napIJp v0KvcLIxsgG6koW82nRrECwKRfI+xXzyiggkLJvGCbpgHEiv5VfAcBhvr/EBYvt++Fsa ehvpIxu/dqMmAx/0M1am7ooiJBC1GEGhr84Sj51RQKQ/eMBkGynaD0MFKaR1wEloSlGw gTPQ==
Reply-to: once@9stmaryrd.com, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

I don't see why it shouldn't work. Just provide the appropriate domain
name for the CSR. These are my notes on SSL certs:

  Generate a Private Key:
    openssl genrsa ‐des3 ‐out server.pass.key 2048

  Remove passphrase from key:
    openssl rsa ‐in server.pass.key ‐out server.key

  Generate a CSR:
    openssl req ‐new ‐key server.key ‐out server.csr

Then once you have a signed cert you'll need to update the private
key. Or if you can find the existing private key, use that and skip
the first two steps above.

Good luck!

Paul



On Mon, Dec 22, 2014 at 7:51 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
> On Mon, Dec 22, 2014 at 10:36 AM, Michael Leone <turgon@mike-leone.com> wrote:
>>
>> Any request I generate myself on my CA, in the name of the Connections
>> server, will be pretty much the same as an actual CSR generated on that
>> Connections server, right? Just as valid a CSR, I mean.
>>
>
> It should be completely possible in theory, though I'd have to dig
> through a bazillion openssl manpages to tell you how.  You'll
> definitely need access to the public key for the server - I don't know
> if generating a csr requires access to the private key offhand (I'd
> hope that it does, otherwise anybody could generate one, though they
> couldn't actually make use of it without the private key other than
> maybe to confuse clients).
>
> --
> Rich
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



-- 
_________________________________
Pulchritudo splendor veritatis.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Issuing a cert from OpenSSL without a CSR from the client
  - From: Michael Leone <turgon@mike-leone.com>
- Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
  - From: Rich Freeman <r-plug@thefreemanclan.net>

Prev by Date: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Next by Date: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Previous by thread: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Next by thread: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Index(es):
- Date
- Thread