PKI CA Administration - Issuing Certificates
This chapter provides tutorial notes and example code on PKI CA administration. Topics include the relation between Root CA and intermediate CA; steps for issuing personal and server certificates; generating private-public key pairs and CSRs with JDK 'keytool'; signing certificates with OpenSSL 'x509'; exporting private keys from KeyStore files.
Root CA and Intermediate CA
Requesting and Signing Personal Certificate
Generating a Private-Public Key Pair for Amy
Generating a CSR (Certificate Signing Request)
Verifying Requester's Email Address
Exporting a Private Key from a KeyStore File
Signing a CSR into a Certificate
Importing Certificate Reply Back to KeyStore
"bad decrypt:./crypto/evp/evp_enc.c:461" Error
Requesting and Signing Server Certificate
- With JDK and OpenSSL installed, you can become a PKI CA yourself. Of course, there are many other commercial tools available with better PKI CA functionality.
- There are 4 steps involved in issuing a PKI personal or server certificate: 1. Generate a private-public key pair; 2. Generate the CSR; 3. Verify the requester's identity; 4. Sign the certificate.
- Generating the private-public key pair and the CSR can be done by using the JDK "keytool" command.
- Verifying the requester's identity is mostly a manual process. For Class 1 certificates, you only need to verify the requester's email address or domain name, which can be easily done via emails.
- Signing the certificate can be done by using the OpenSSL "x509" command, which requires your private key and your own certificate.
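The four steps above, run end to end in a scratch directory, as an added example that is not code from the original chapter. The file names, subject names, demo password and the throwaway root CA created with "openssl req -x509" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: issue a personal certificate with keytool + openssl x509.
# All names, subjects and the password below are constructed demo values.

issue_personal_cert() {
    dir="$1"
    # Demo password, passed to keytool through the environment
    # (-storepass:env) so it does not appear in the process list.
    KS_PASS="demo-only-change-me"; export KS_PASS

    # Assumption: a throwaway self-signed root stands in for the CA's
    # "private key and own certificate" needed for signing.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/O=Example Test CA/CN=Example Test Root" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key"   # the CA key is the asset to protect

    # Step 1: generate the requester's private-public key pair.
    keytool -genkeypair -alias amy -keyalg RSA -keysize 2048 \
        -dname "CN=Amy, O=Example" -validity 365 -storetype PKCS12 \
        -keystore "$dir/amy.p12" -storepass:env KS_PASS \
        >/dev/null 2>&1 || return 1

    # Step 2: generate the CSR; the private key stays in the keystore.
    keytool -certreq -alias amy -storetype PKCS12 \
        -keystore "$dir/amy.p12" -storepass:env KS_PASS \
        -file "$dir/amy.csr" >/dev/null 2>&1 || return 1

    # Step 3: identity verification is manual. Show the CSR self-signature
    # check and subject so the operator can compare them with the verified
    # email address or domain name before signing.
    openssl req -in "$dir/amy.csr" -noout -verify -subject || return 1

    # Step 4: sign the CSR with the CA private key and CA certificate.
    openssl x509 -req -in "$dir/amy.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/amy.crt" 2>/dev/null || return 1

    # Check: the issued certificate must chain to the CA certificate.
    openssl verify -CAfile "$dir/ca.crt" "$dir/amy.crt"
}

# Usage: d=$(mktemp -d) && issue_personal_cert "$d"
```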