JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 45

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The article explains how to create Signing Certificates for use with JS7. Users who operate an existing Private Certificate Authority might find different approaches and different responsibilities for the indicated steps. There's more than one way how to do it.

Examples in the article make use of JS7 Release 2.7.2, OpenSSL 1.1.1k  FIPS 25 Mar 2021 for Unix and OpenSSL 3.1.4 24 Oct 2023 for Windows. OpenSSL ships with Linux & other Unix OS and is available for Windows.

...

Code Block
languagebash
titleExample how to create Private Key and Certificate Signing Request using ECDSA encryption (Unix)
linenumberstrue
# Specify key name used for file names
key_name=signing

# Create Private Key
openssl ecparam -genkey -name secp384r1 -out ${key_name}.key

# Create Certificate Signing Request
 openssl req -new -sha512 -nodes \
    -key ${key_name}.key \
    -out ${key_name}.csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}"

...

Code Block
languagebash
titleRun .create_signing_certificate.sh shell script
linenumberstrue
# Description
# create_signing_certificate.sh --key-name=<basename> --ca-key-name=<basename> --subject=<distinguished-name> --days=<number-of-days>

# Example for use with key name and lifetime
# ./create_signing_certificate.sh --key-name=ap --days=365

# Example for use with key name, CA key name and lifetime
# ./create_signing_certificate.sh --key-name=ap --ca-key-name=signing-ca --days=4017

# Example for use with key name, subject and lifetime
# ./create_signing_certificate.sh --key-name=ap --subject="/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=ap" --days=4017

...