Page History

...

Expand

title	Explanations...

Private Key
- Choice of algorithm such as secp256k1, secp384r1 depends on support by the Java version used with JS7.
Certificare Signing Request
- The hash algorithm such as -sha256, -sha512 can be freely chosen.
- The -subj option specifies the Distinguished Name used for the subject of the CSR and resulting Certificate.
  - The Distinguished Name is a unique identifier frequently using the hierarchy of Country C, State ST, Location L, Organization O, Organizational Unit OU and Common Name CN.
  - For self-signed issued Certificates the subject and issuer properties of the CSR/Certificate are the same. The minimum requirement is to specify the Common Name CN=<name> where <name> can freely be chosen.
  - For Private CA-signed Certificates the subject property holds the Certificatecertificate's Distinguished Name and the issuer property holds the Private CA Certificate's Distinguished Name using that must be different values.
The following files will be created with this step:
- The signing.key file will hold the Private Key.
- The signing.csr file will hold the Certificate Signing Request.

...

Expand

title	Explanations...

Explanations are similar to Creating self-signed issued Certificates with a few exceptions:
- The -days option specifying the validity period of the Signing Certificate should indicate a shorter period than the validity period of the CA Certificate.
- The -CA option specifies the location of the CA Certificate file.
- The -CAkey option specifies the location of the CA Private Key file.
- The -in option specifies the location of the Certificate Signing Request.
- The -extfile option specifies the Key Usage and Extended Key Usage being limited to code signing.
The following files will be created with this step:
- The signing.crt file will hold the Signing Certificate.

...

Space shortcuts