Verifying Requester's Email Address

This section provides a tutorial example on how to review a CSR (Certificate Signing Request) with the OpenSSL 'req' command and verify the requester's email address before issuing a certificate.

Now it's my turn to verify Amy's identity and issue her a personal certificate.

Step 3 - Herong, as the CA administrator, reviews Amy's CSR file and verifies her identity.

To review Amy's CSR, I need to use a different tool called OpenSSL. The JDK 'keytool' command is not good enough. Read my "Cryptography Tutorials - Herong's Tutorial Examples" book on how to install OpenSSL if you need help.

Here is the OpenSSL command I used to view Amy's CSR:

C:\herong>\local\gnuwin32\bin\openssl req -noout -text -in amy_xyz_com.csr

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=Unknown, ST=Unknown, L=Unknown, O=Unknown,
           OU=Unknown, CN=amy@xyz.com
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
            DSA Public Key:
                pub:
                    00:ef:b5:66:2e:45:9c:28:c1:34:fc:ad:f7:e7:b8:
                    ...
        Attributes:
            a0:00
    Signature Algorithm: dsaWithSHA1
        30:2c:02:14:5d:34:8f:30:77:ee:9a:7d:b7:de:8e:e2:67:5a:
        34:b0:04:7c:6d:22:02:14:11:a4:4d:52:ea:61:8a:d3:bf:80:
        6f:28:a6:a2:15:24:c6:1d:6f:06

Since I am planning to issue Amy a Class 1 certificate, I only need to verify her email address, which is the CN attribute of the Subject.

So I send Amy a verification email to amy@xyz.com. If she can reply from that email address, then verification is done.
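The check described above can be scripted. The following is an added example, not code from the original tutorial: it pulls the CN out of the 'openssl req -text' output and accepts a reply only if it comes from that address. It goes one step beyond the tutorial by also requiring a token from the verification email, since a From header by itself can be forged. The function names, the CA secret and the sample reply are assumptions made for illustration.

```python
import email
import hashlib
import hmac
import re
from email.utils import parseaddr

# Constructed sample: the start of the "openssl req -noout -text" output shown
# above, including the Subject value wrapped onto a second line.
CSR_TEXT = """\
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=Unknown, ST=Unknown, L=Unknown, O=Unknown,
           OU=Unknown, CN=amy@xyz.com
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
"""

def subject_cn(csr_text):
    """Return the CN from the Subject field of 'openssl req -text' output."""
    m = re.search(r"^\s*Subject:(.*?)^\s*Subject Public Key Info:",
                  csr_text, re.S | re.M)
    if not m:
        raise ValueError("no Subject field in CSR text")
    subject = " ".join(m.group(1).split())          # undo line wrapping
    # Simple split: assumes no attribute value contains a comma.
    attrs = dict((k.strip(), v.strip()) for k, v in
                 (p.split("=", 1) for p in subject.split(",") if "=" in p))
    if "CN" not in attrs:
        raise ValueError("Subject has no CN attribute")
    return attrs["CN"]

def challenge_token(ca_secret, address, csr_bytes):
    """Token for the verification email, bound to this address and this CSR."""
    msg = address.lower().encode() + b"\0" + hashlib.sha256(csr_bytes).digest()
    return hmac.new(ca_secret, msg, hashlib.sha256).hexdigest()[:32]

def reply_verifies(raw_reply, address, token):
    """True if the reply is from the CN address and quotes the token."""
    msg = email.message_from_string(raw_reply)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = "".join(str(p.get_payload()) for p in msg.walk()
                   if not p.is_multipart())
    return sender == address.lower() and token in body

if __name__ == "__main__":
    cn = subject_cn(CSR_TEXT)
    token = challenge_token(b"constructed-ca-secret", cn, CSR_TEXT.encode())
    reply = f"From: Amy <{cn}>\nSubject: Re: verify\n\nToken: {token}\n"  # constructed
    print(cn, reply_verifies(reply, cn, token))
```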

Last update: 2011.
