PKI Tutorials - Herong's Tutorial Examples - Version 2.10, by Dr. Herong Yang
Verifying Requester's Email Address
This section provides a tutorial example on how to generate a CSR (Certificate Signing Request) using the JDK 'keytool' command.
Now it's my turn to verify Amy's identity and issue her a personal certificate.
Step 3 - Herong, as the CA administrator, reviews Amy's CSR file and verifies her identity.
To review Amy's CSR, I need to use a different tool called OpenSSL. JDK 'keytool' command is not good enough. Read my "Cryptography Tutorials - Herong's Tutorial Examples" book on how to install OpenSSL if you need help.
Here is the OpenSSL command I used to view Amy's CSR:
C:\herong>\local\gnuwin32\bin\openssl req -noout -text -in amy_xyz_com.csr Certificate Request: Data: Version: 0 (0x0) Subject: C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=amy@xyz.com Subject Public Key Info: Public Key Algorithm: dsaEncryption DSA Public Key: pub: 00:ef:b5:66:2e:45:9c:28:c1:34:fc:ad:f7:e7:b8: ... Attributes: a0:00 Signature Algorithm: dsaWithSHA1 30:2c:02:14:5d:34:8f:30:77:ee:9a:7d:b7:de:8e:e2:67:5a: 34:b0:04:7c:6d:22:02:14:11:a4:4d:52:ea:61:8a:d3:bf:80: 6f:28:a6:a2:15:24:c6:1d:6f:06
Since I am planning to issue Amy a Class 1 certificate, I only need to verify her email address, which is the CN attribute of the Subject.
So I send Amy a verification email to amy@xyz.com. If she can reply from that email address, then verification is done.
Last update: 2011.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Windows Certificate Stores and Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
►PKI CA Administration - Issuing Certificates
Requesting and Signing Personal Certificate
Generating a Private-Public Key Pair for Amy
Generating a CSR (Certificate Signing Request)
►Verifying Requester's Email Address
Exporting a Private Key from a KeyStore File
Signing a CSR into a Certificate
Importing Certificate Reply Back to KeyStore
"bad decrypt:./crypto/evp/evp_enc.c:461" Error
Requesting and Signing Server Certificate
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3