Difference between revisions of "TLS"

From Vague Hope Wiki
Jump to: navigation, search
Line 31: Line 31:
 
* OU=
 
* OU=
 
* CN=
 
* CN=
 +
 +
== Java ==
 +
 +
Make self-signed server key.
 +
<pre>
 +
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA
 +
</pre>
 +
 +
List Trusted CA Certs
 +
<pre>
 +
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
 +
</pre>

Revision as of 03:11, 19 May 2012

Examine

openssl x509 -text -in client.pem
openssl rsa -text -in client.pem
openssl crl -text -in cacrl.pem

demoCA

/usr/lib/ssl/misc/CA.sh -newca
/usr/lib/ssl/misc/CA.sh -newreq
/usr/lib/ssl/misc/CA.sh -sign
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443
echo 01 > demoCA/crlnumber
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30

Fields

  • C=Country Name (2 letter code)
  • ST=State or Province Name (full name)
  • O=Organization Name (eg, company)
  • OU=
  • CN=

Java

Make self-signed server key.

/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA

List Trusted CA Certs

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts