PKI CA Administration - Issuing Certificates
This chapter provides tutorial notes and example codes on PKI CA administration. Topics include Root CA and intermediate CA relation; steps of issuing personal and server certificates; generating private-public key pairs and CSR with JDK 'keytool'; signing certificate with OpenSSL 'x509'; exporting private keys from KeyStore files.
These sections are omitted from this Web preview version. To view the full content,
see information on how to obtain the full version this book.
Root CA and Intermediate CA
Requesting and Signing Personal Certificate
Generating a Private-Public Key Pair for Amy
Generating a CSR (Certificate Signing Request)
Verifying Requester's Email Address
Exporting a Private Key from a KeyStore File
Signing a CSR into a Certificate
Importing Certificate Reply Back to KeyStore
"bad decrypt:./crypto/evp/evp_enc.c:461" Error
Requesting and Signing Server Certificate
- With JDK and OpenSSL installed, you can become a PKI CA yourself.
Of course, there are many other commercial tools available with better PKI CA functionalities.
- There are 4 steps involved in issuing a PKI personal or server certificate: 1. Generate a private-public key pair;
2. Generate the CSR; 3. Verify requester's identity; 4. Signing the certificate.
- Generating private-public key pair and CSR can be done by using the JDK "keytool" command.
- Verifying requester's identify is mostly a manual process. For Class 1 certificates, you only need
verify requester's email address or domain name, which can be easily done via emails.
- Signing the certificate can be done by using the OpenSSL "x509" command, which requires your private key and your own certificate.
Table of Contents
About This Book
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Windows Certificate Stores and Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
►PKI CA Administration - Issuing Certificates
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3
S/MIME and Email Security
PKI (Public Key Infrastructure) Terminology
Full Version in PDF/EPUB