Difference between revisions of "OpenSSL"

From Palfrepedia
Jump to navigation Jump to search
(Adding S/MIME section)
(Adding creating S/MIMEs)
Line 12: Line 12:


== Creating and using S/MIME ==
== Creating and using S/MIME ==
This is how to create a self-signed S/MIME certificate, used for email encryption and decryption in an email client.


First, generate your new key:
First, generate your new key:
<pre>$ openssl genrsa -out smime.key 2048</pre>
<pre>$ openssl genrsa -out smime.key 2048</pre>
Then create a [[Certificate Signing Request]]:
<pre>$ openssl req -new -key smime.key -out smime.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Leeds
Locality Name (eg, city) []:Leeds
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Palfreman Trading Ltd
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:William Palfreman
Email Address []:william@palfreman.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
</pre>
Then sign the [[Certificate Signing Request|CSR]] using your own [[Certificate Authority]].
$ openssl x509 -req -days 730 -in csr/smime.csr -CA certs/intermediate.crt -CAkey private/intermediate.key -set_serial 1 -out ../smime/smime.crt
T.B.C....

Revision as of 08:29, 14 September 2022

OpenSSLis the widely used encryption layer in UNIX operating systems. The most common day to day use is providing transport layer security to websites, such as this one and indicated by the use of https in the URL.

Points to be covered in this document

  • Generating a private key
  • Generating a Certificate Signing Request
  • Fitting an SSL key
  • Verification
  • Starting a Certificate Authority.

Will be fleshed out as time allows.

Creating and using S/MIME

This is how to create a self-signed S/MIME certificate, used for email encryption and decryption in an email client.

First, generate your new key:

$ openssl genrsa -out smime.key 2048

Then create a Certificate Signing Request:

$ openssl req -new -key smime.key -out smime.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Leeds
Locality Name (eg, city) []:Leeds
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Palfreman Trading Ltd
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:William Palfreman
Email Address []:william@palfreman.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Then sign the CSR using your own Certificate Authority. $ openssl x509 -req -days 730 -in csr/smime.csr -CA certs/intermediate.crt -CAkey private/intermediate.key -set_serial 1 -out ../smime/smime.crt

T.B.C....