320
edits
(Adding S/MIME section) |
(Adding creating S/MIMEs) |
||
Line 12: | Line 12: | ||
== Creating and using S/MIME == | == Creating and using S/MIME == | ||
This is how to create a self-signed S/MIME certificate, used for email encryption and decryption in an email client. | |||
First, generate your new key: | First, generate your new key: | ||
<pre>$ openssl genrsa -out smime.key 2048</pre> | <pre>$ openssl genrsa -out smime.key 2048</pre> | ||
Then create a [[Certificate Signing Request]]: | |||
<pre>$ openssl req -new -key smime.key -out smime.csr | |||
You are about to be asked to enter information that will be incorporated | |||
into your certificate request. | |||
What you are about to enter is what is called a Distinguished Name or a DN. | |||
There are quite a few fields but you can leave some blank | |||
For some fields there will be a default value, | |||
If you enter '.', the field will be left blank. | |||
----- | |||
Country Name (2 letter code) [AU]:GB | |||
State or Province Name (full name) [Some-State]:Leeds | |||
Locality Name (eg, city) []:Leeds | |||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Palfreman Trading Ltd | |||
Organizational Unit Name (eg, section) []: | |||
Common Name (e.g. server FQDN or YOUR name) []:William Palfreman | |||
Email Address []:william@palfreman.com | |||
Please enter the following 'extra' attributes | |||
to be sent with your certificate request | |||
A challenge password []: | |||
An optional company name []: | |||
</pre> | |||
Then sign the [[Certificate Signing Request|CSR]] using your own [[Certificate Authority]]. | |||
$ openssl x509 -req -days 730 -in csr/smime.csr -CA certs/intermediate.crt -CAkey private/intermediate.key -set_serial 1 -out ../smime/smime.crt | |||
T.B.C.... |