Michael Leone on 22 Dec 2014 08:04:05 -0800
Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
On Mon, Dec 22, 2014 at 10:51 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
>
> On Mon, Dec 22, 2014 at 10:36 AM, Michael Leone <turgon@mike-leone.com> wrote:
> >
> > Any request I generate myself on my CA, in the name of the Connections
> > server, will be pretty much the same as an actual CSR generated on that
> > Connections server, right? Just as valid a CSR, I mean.
> >
>
> It should be completely possible in theory, though I'd have to dig
> through a bazillion openssl manpages to tell you how. You'll
> definitely need access to the public key for the server - I don't know
> if generating a csr requires access to the private key offhand (I'd
> hope that it does, otherwise anybody could generate one, though they
> couldn't actually make use of it without the private key other than
> maybe to confuse clients).

"The certificate request is created like this:

openssl req -new -key privkey.pem -out cert.csr"

https://www.openssl.org/docs/HOWTO/certificates.txt

Just not sure which "privkey.pem" that is - I assume the CA. I have access to all the keys, public and private, for both the CA and any issued certs (I've issued maybe a half dozen, for other internal servers, to replace self-signed ones).

>
> --
> Rich
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
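
An added example, not part of the original message: in a PKCS#10 request, the key given to `openssl req -new -key` is the requesting subject's own private key, and the CA key is used only at the signing step. The script walks that flow with a throwaway CA and checks which public key ends up in the issued certificate; `demo-ca`, `connections.example.internal`, `cert.pem` and the temporary directory are placeholders assumed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, name and file here is generated locally.

csr_demo() {
    local d rc
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1

        # Throwaway CA standing in for the existing internal CA.
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
            -subj "/CN=demo-ca" -days 1 2>/dev/null || exit 1

        # The subject's key pair: the "privkey.pem" of the HOWTO command.
        openssl genrsa -out privkey.pem 2048 2>/dev/null || exit 1

        # The CSR carries the subject's public key and is signed with the
        # matching private key (proof of possession).
        openssl req -new -key privkey.pem -out cert.csr \
            -subj "/CN=connections.example.internal" || exit 1

        # Check that self-signature before issuing anything.
        openssl req -in cert.csr -noout -verify 2>&1 \
            | grep -qi "verify ok" || exit 1

        # Only here is the CA key used: it signs the certificate.
        openssl x509 -req -in cert.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out cert.pem -days 1 2>/dev/null || exit 1
        openssl verify -CAfile ca.crt cert.pem >/dev/null 2>&1 || exit 1

        # The issued certificate must bind the subject's public key,
        # not the CA's.
        cert_pub=$(openssl x509 -in cert.pem -noout -pubkey) || exit 1
        subj_pub=$(openssl pkey -in privkey.pem -pubout) || exit 1
        ca_pub=$(openssl x509 -in ca.crt -noout -pubkey) || exit 1
        [ "$cert_pub" = "$subj_pub" ] || exit 1
        [ "$cert_pub" != "$ca_pub" ] || exit 1
        echo "csr_signature=ok chain=ok cert_key=subject"
    )
    rc=$?
    rm -rf "$d"
    return "$rc"
}

csr_demo
```

Generating the request on the CA host on behalf of a server therefore means the server's private key exists on, and has to be moved off, the CA host.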