...

  • Users can create a Certificate Signing Request (CSR) and ask their Certificate Authority (CA) to sign the CSR in order to receive an X.509 Certificate. The Public Key can be derived from the Private Key or from the X.509 Certificate.
  • User can create a selfCA-signed X.509 Certificate, see JS7 - How to create X.509 SSL TLS Certificates.
  • Users can create a Private Key and Certificate as explained in the next chapter.

...

Example how to create a Private Key and Certificate using ECDSA
# navigate to the Agent's <agent-data>\config\private directory
Set-Location $env:Programdata\sos-berlin.com\js7\agent\config\private

# create Private Key
#   for use with passphrase add: -passout pass:"secret"
openssl ecparam -name secp384r1 -genkey -noout -out agent.key

# create Certificate Signing Request
openssl req -new -sha512 -nodes -key agent.key -out agent.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent"

# create Certificate
$user_crt_tmp_file = New-TemporaryFile
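#   write the extension file as ASCII: the default Out-File encoding in Windows PowerShell is UTF-16, which openssl cannot read
"keyUsage=critical,keyAgreement,keyEncipherment" | Out-File $user_crt_tmp_file -Encoding ascii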

#   for passphrase add: -passin pass:"secret"
openssl x509 -req -sha512 -days 1825 -signkey agent.key -in agent.csr -out agent.crt -extfile $user_crt_tmp_file
Remove-Item -Path $user_crt_tmp_file -Force
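
The following check is an added example, not part of the original article: it derives the Public Key from both agent.key and agent.crt and confirms that they match, then checks the curve, the key usage extension and the remaining validity. It assumes OpenSSL 1.1.1 or later on the PATH and the file names used above; the function names Invoke-OpenSsl and Test-AgentCertificate are hypothetical.

```powershell
# Added example: verify agent.key and agent.crt after creating them.
# Assumptions: openssl 1.1.1 or later is on the PATH (needed for -ext),
# and both files are in the current directory.

function Invoke-OpenSsl {
    param([string[]] $Arguments)
    # run openssl, fail on a non-zero exit code, return stdout as one string
    $out = & openssl @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "openssl $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
    (($out | Out-String).Trim() -replace "`r`n", "`n")
}

function Test-AgentCertificate {
    param(
        [string] $KeyFile      = 'agent.key',
        [string] $CertFile     = 'agent.crt',
        [int]    $MinDaysValid = 30
    )

    # derive the Public Key from the Private Key and from the Certificate
    $pubFromKey  = Invoke-OpenSsl @('pkey', '-in', $KeyFile, '-pubout')
    $pubFromCert = Invoke-OpenSsl @('x509', '-in', $CertFile, '-noout', '-pubkey')

    # read the extension taken from the -extfile and the curve from the text dump
    $keyUsage = Invoke-OpenSsl @('x509', '-in', $CertFile, '-noout', '-ext', 'keyUsage')
    $text     = Invoke-OpenSsl @('x509', '-in', $CertFile, '-noout', '-text')

    # -checkend exits with 1 if the Certificate expires within the given seconds
    & openssl x509 -in $CertFile -noout -checkend ($MinDaysValid * 86400) | Out-Null
    $notExpiring = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        KeyMatchesCertificate = ($pubFromKey -ceq $pubFromCert)
        CurveIsSecp384r1      = ($text -match 'ASN1 OID:\s*secp384r1')
        KeyUsageCritical      = ($keyUsage -match 'Key Usage:\s*critical')
        KeyAgreement          = ($keyUsage -match 'Key Agreement')
        KeyEncipherment       = ($keyUsage -match 'Key Encipherment')
        ValidForMinDays       = $notExpiring
    }
}

$result = Test-AgentCertificate
$result | Format-List
if ($result.PSObject.Properties.Value -contains $false) {
    Write-Warning 'agent.key / agent.crt do not match the settings used at creation'
}
```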

...