Page History
...
- Users can create a Certificate Signing Request (CSR) and ask their Certificate Authority (CA) to sign the CSR and to receive an X.509 certificate. The Private Key or X.509 Certificate allow to derive the Public Key.
- User can create a selfCA-signed X.509 Certificate, see JS7 - How to create X.509 SSL TLS Certificates.
- Users can create a Private Key and Certificate as explained in the next chapter.
...
The following step is performed on the server hosting the Agent that should decrypt secrets. The example makes use of the openssl
command line utility that can be installed for Windows. There are alternative ways how to create Private Keys and Certificates. Find more examples and explanations from JS7 - How to create X.509 Encryption Keys.
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
#@rem navigate to the Agent's <agent-data>/\config/\private directory cd /var/%Programdata%\sos-berlin.com/\js7/\agent/\config/\private #@rem create thePrivate privateKey @rem key infor pkcs#1use formatwith #passphrase add: without passphrase-passout pass:"secret" openssl ecparam -name secp256k1secp384r1 -genkey -noout -out agent.key # @rem create Certificate withSigning passphraseRequest # openssl ecparamreq -genkeynew -namesha512 secp256k1-nodes | openssl ec -aes256 -passout pass:"jobscheduler" -out agent.key # create certificate openssl req -new -x509 -key agent.key -out agent.crt -days 1825 # openssl req -new -x509 -key-key agent.key -out agent.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent" @rem create Certificate set user_crt_tmp_file=user-crt-%RANDOM%.tmp echo keyUsage=critical,keyAgreement,keyEncipherment > %user_crt_tmp_file% @rem for passphrase add: -passin pass:"secret" openssl x509 -req -sha512 -days 1825 -signkey agent.key -passin pass:"jobscheduler"in agent.csr -out agent.crt -days 1825extfile %user_crt_tmp_file% del /q %user_crt_tmp_file% |
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
#@rem navigate to the Agent's <agent-data>/\config/\private directory cd /var/%Programdata%\sos-berlin.com/\js7/\agent/\config/\private #@rem create thePrivate privateKey keyand inCertificate pkcs#1Signing formatRequest #@rem for without passphrase openssl reqadd: -x509 -sha256passout pass:"secret" openssl req -new -newkey rsa:20484096 -sha256 -nodes -keyout agent.key -out agent.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent" @rem create Certificate set user_crt_tmp_file=user-crt-%RANDOM%.tmp echo keyUsage=critical,keyAgreement,keyEncipherment > %user_crt # with passphrase # openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:"jobscheduler" -keyout agent.key_tmp_file% @rem for passphrase add: -passin pass:"secret" openssl x509 -req -sha512 -days 1825 -signkey agent.key -in agent.csr -out agent.crt -extfile %user_crt_tmp_file% del /q %user_crt_tmp_file% |
Step 2: Making the Certificate available
...
Overview
Content Tools