Page History
...
Steps include to create the signing-ca.key
Private Key file and signing-ca.crt
self-signed Certificate file for the Signing CA both in PEM format.
Using ECDSA Encryption
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Step 1: Generate Signing Certificate Authority (CA) Private Key openssl ecparam -genkey -name secp256k1 -noout -out signing-ca.key # Step 2: Generate Signing CA Certificate openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -out signing-ca.crt # You are about to be asked to enter information that will be incorporated # into your certificate request. # What you are about to enter is what is called a Distinguished Name or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [XX]:DE # State or Province Name (full name) []:Berlin # Locality Name (eg, city) [Default City]:Berlin # Organization Name (eg, company) [Default Company Ltd]:SOS # Organizational Unit Name (eg, section) []:JS7 # Common Name (eg, your name or your server's hostname) []:JS7 Deployment CA # Email Address []: |
...
- Step 1: The Private Key is created.
- Choice of algorithm such as
secp256k1
is up to the user. - The
signing-ca.key
file will hold the Private Key.
- Choice of algorithm such as
- Step 2: The Signing CA Certificate is created
- As a response to the command the OpenSSL utility prompts for a number of specifications for the Distinguished Name, i.e. the unique name of the Signing CA Certificate:
Country Name
: a 2 letter country code is expected as stated for example with https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2State or Province Name
: the name of a state is expectedLocality Name
: the name of a city is expectedOrganization Name
: arbitrary input is allowedOrganizational Unit Name
: arbitrary input is allowedCommon Name
: an arbitrary name can be chosen as the name of the Signing CAEmail Address
: empty input is allowed
- The
signing-ca.crt
file will hold the Signing Certificate..
- As a response to the command the OpenSSL utility prompts for a number of specifications for the Distinguished Name, i.e. the unique name of the Signing CA Certificate:
Using RSA Encryption
...
Anchor | ||||
---|---|---|---|---|
|
...
Code Block | ||||
---|---|---|---|---|
| ||||
[ req ] prompt = no distinguished_name = standard dn [ standard dn ] countryName commonName = signingDE countryNamestateOrProvinceName = DEBerlin localityName = Berlin organizationName = SOS organizationalUnitName = IT stateOrProvinceNamecommonName = Berlinsigning [ standard exts ] keyUsage = critical, nonRepudiation, digitalSignature # see x509v3_config for other extensions |
...
Overview
Content Tools