Common SSL Commands

OPENSSL
=======

CREATE OWN CA (Example: CLaYCA)
1. Set up the .cfg file and the directories:

     CLaYCA
        |-- ca
        |-- server
        |-- user

2. Create Private Key (Remember the password)
openssl genrsa -des3 -out ca/CLaYCA.key 1024

3. Create CSR
openssl req -new -key ca/CLaYCA.key -out ca/CLaYCA.csr

4. Self-sign certificate:
openssl x509 -req -days 3650 -in ca/CLaYCA.csr -out ca/CLaYCA.crt -signkey ca/CLaYCA.key

5. To check the certificate
openssl x509 -in ca/CLaYCA.crt -text

6. Create DER Format from private key
openssl pkcs8 -topk8 -in ca/CLaYCA.key -outform DER -out ca/CLaYCA.der -nocrypt



CREATE CERTIFICATE FOR APACHE SERVER TO BE SIGNED BY CLaYCA (Example: localhost)
1. Create Private Key (Remember the password)
openssl genrsa -des3 -out server/localhost/localhost.key 1024

2. Create CSR
openssl req -new -key server/localhost/localhost.key -out server/localhost/localhost.csr

3. Sign Server CSR with CLaYCA Key
openssl x509 -req -in server/localhost/localhost.csr -CA ca/CLaYCA.crt -CAkey ca/CLaYCA.key -CAcreateserial -out server/localhost/localhost.crt -days 365
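
The CA and server steps above as one unattended script with a check at the end; this is an added example, not part of the original post. Assumptions: it runs in a temporary directory, uses 2048-bit keys without a passphrase and constructed -subj names, and passes an extension file (not used in the commands above) that marks the CA certificate as a CA and gives the server certificate a subjectAltName.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed values: the -subj
# names, the extension file, 2048-bit keys, and keys left unencrypted (no -des3).

# build_demo_pki DIR: create the CA, then a CA-signed "localhost" certificate.
build_demo_pki() {
    ca=$1/ca/CLaYCA srv=$1/server/localhost/localhost
    mkdir -p "$1/ca" "$1/server/localhost" || return 1
    # Extension sections (assumption: the original commands pass no -extfile).
    cat > "$1/ext.cnf" <<'EOF'
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost
EOF
    openssl genrsa -out "$ca.key" 2048 2>/dev/null &&
    openssl req -new -key "$ca.key" -subj "/CN=CLaYCA" -out "$ca.csr" &&
    openssl x509 -req -days 3650 -in "$ca.csr" -signkey "$ca.key" \
        -extfile "$1/ext.cnf" -extensions ca_ext -out "$ca.crt" 2>/dev/null &&
    openssl genrsa -out "$srv.key" 2048 2>/dev/null &&
    openssl req -new -key "$srv.key" -subj "/CN=localhost" -out "$srv.csr" &&
    openssl x509 -req -days 365 -in "$srv.csr" -CA "$ca.crt" -CAkey "$ca.key" \
        -CAcreateserial -extfile "$1/ext.cnf" -extensions server_ext \
        -out "$srv.crt" 2>/dev/null
}

# check_cert CA_CERT CERT KEY: 0 if CERT chains to CA_CERT and KEY belongs to CERT.
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: $2 does not chain to $1"; return 1; }
    [ "$(openssl pkey -in "$3" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ] ||
        { echo "FAIL: $3 is not the key for $2"; return 2; }
    echo "OK: $2"
}

# Demo run in a throwaway directory.
demo=$(mktemp -d) && build_demo_pki "$demo" &&
    check_cert "$demo/ca/CLaYCA.crt" "$demo/server/localhost/localhost.crt" \
               "$demo/server/localhost/localhost.key"
rm -rf "$demo"
```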



CREATE CERTIFICATE FOR XAMPP SERVER TO BE SIGNED BY CLaYCA (Example: server)
1. Run xampp/apache/makecert.bat (Remember the password)

2. Create CSR
openssl req -new -key ssl.key/server.key -out ssl.ca/server.csr

3. Sign Server CSR with CLaYCA Key
openssl x509 -req -in server/xampp/server.csr -CA ca/CLaYCA.crt -CAkey ca/CLaYCA.key -CAcreateserial -out server/xampp/server.crt -days 3650



CREATE CERTIFICATE FOR USER (Example: dummyphp)
1. Create Private Key (Remember the password)
openssl genrsa -des3 -out user/dummyphp/dummyphp.key 1024

2. Create CSR
openssl req -new -key user/dummyphp/dummyphp.key -out user/dummyphp/dummyphp.csr

3. Sign User CSR with CLaYCA Key
openssl x509 -req -in user/dummyphp/dummyphp.csr -CA ca/CLaYCA.crt -CAkey ca/CLaYCA.key -CAcreateserial -out user/dummyphp/dummyphp.crt -days 3650

4. Convert to P12 (Remember the password)
openssl pkcs12 -export -out user/dummyphp/dummyphp.p12 -inkey user/dummyphp/dummyphp.key -in user/dummyphp/dummyphp.crt

5. Convert to PEM
openssl pkcs12 -in user/dummyphp/dummyphp.p12 -out user/dummyphp/dummyphp.pem



JAVA KEYTOOL
===========

CREATE CERTIFICATE FOR SERVER (Example: tomcat)
1. Create the keystore (Remember the password)
keytool -genkey -keyalg RSA -alias "tomcat" -keystore server/tomcat/tomcat-keystore.jks -validity 360

2. Create CSR
keytool -certreq -alias "tomcat" -keystore server/tomcat/tomcat-keystore.jks -file server/tomcat/tomcat.csr

3. Sign Server CSR with CLaYCA Key
openssl x509 -req -in server/tomcat/tomcat.csr -CA ca/CLaYCA.crt -CAkey ca/CLaYCA.key -CAcreateserial -out server/tomcat/tomcat.crt -days 3650

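4. Import the Certificate to tomcat-keystore.jks (under the key's alias, so it replaces that key's self-signed certificate; keytool must already trust the CLaYCA certificate to build the chain)
keytool -import -alias "tomcat" -keystore server/tomcat/tomcat-keystore.jks -storepass "12345678" -file server/tomcat/tomcat.crt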



TRUSTED CA CERTIFICATES ACTIONS

- Import NEW CA to TRUSTSTORE
keytool -import -trustcacerts -file NEWCA.crt -keystore jre/lib/security/cacerts -storepass changeit

- Export Certificate of a CA
keytool -export -alias mykey -file theca.crt -keystore jre/lib/security/cacerts -storepass changeit

- List CAs in TRUSTSTORE
keytool -list -v -keystore jre/lib/security/cacerts -storepass changeit

- Delete CA on TRUSTSTORE
keytool -delete -alias caalias -keystore jre/lib/security/cacerts -storepass changeit

1 Comment

AndrewBoldman, June 5th, 2009 at 10:43 am

da best. Keep it going! Thank you
