JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 9

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 10

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Steps include to create the signing-ca.key Private Key file and signing-ca.crt self-signed Certificate file for the Signing CA both in PEM format.

Using ECDSA Encryption

Code Block
languagebash
titleCreate Signing CA Certificate using ECDSA
linenumberstrue
# Step 1: Generate Signing Certificate Authority (CA) Private Key
openssl ecparam -genkey -name secp256k1 -noout -out signing-ca.key
 
# Step 2: Generate Signing CA Certificate
openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -out signing-ca.crt

# You are about to be asked to enter information that will be incorporated
# into your certificate request.
# What you are about to enter is what is called a Distinguished Name or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [XX]:DE
# State or Province Name (full name) []:Berlin
# Locality Name (eg, city) [Default City]:Berlin
# Organization Name (eg, company) [Default Company Ltd]:SOS
# Organizational Unit Name (eg, section) []:JS7
# Common Name (eg, your name or your server's hostname) []:JS7 Deployment CA
# Email Address []:

...

  • Step 1: The Private Key is created.
    • Choice of algorithm such as secp256k1 is up to the user.
    • The signing-ca.key file will hold the Private Key.
  • Step 2: The Signing CA Certificate is created
    • As a response to the command the OpenSSL utility prompts for a number of specifications for the Distinguished Name, i.e. the unique name of the Signing CA Certificate: 
      • Country Name: a 2 letter country code is expected as stated for example with https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
      • State or Province Name: the name of a state is expected
      • Locality Name:  the name of a city is expected
      • Organization Name: arbitrary input is allowed
      • Organizational Unit Name: arbitrary input is allowed
      • Common Name: an arbitrary name can be chosen as the name of the Signing CA
      • Email Address: empty input is allowed
    • The signing-ca.crt file will hold the Signing Certificate..

Using RSA Encryption

...

Anchor
signing_certificate
signing_certificate
Creating a Signing Certificate

...

Code Block
titleOpenSSL configuration file openssl-cert.config
linenumberstrue
[ req ]
prompt             = no
distinguished_name = standard dn

[ standard dn ]
           countryName commonName = signingDE
           countryNamestateOrProvinceName = DEBerlin
          localityName = Berlin
      organizationName = SOS
organizationalUnitName = IT
            stateOrProvinceNamecommonName = Berlinsigning

[ standard exts ]
keyUsage = critical, nonRepudiation, digitalSignature

# see x509v3_config for other extensions

...