595959
Appendix E: Creating CA Files
ii) Strip passphrase:
openssl rsa -in cakey.pem -out cakey-nopassword.pem
iii) Combine the key and X.509 certificate files into server.pem:
cat cakey-nopassword.pem cacert.pem > server.pem
iv) Collect all 3 PEM files and prepare to upload to IPCS server:
server.pem,cacert.pem,cakey.pem
2. Signed by trustworthy CA:
i) Prepare private key cakey.pem:
openssl genrsa –des3 –out cakey.pem 1024
meaning of parameters:
genrsa : generate RSA private key
des3 : encrypt certificate by DES3
1024 : the key size is 1024-bit
ii) Prepare a Certificate Signing Request:
openssl req –new –key cakey.pem –out server.csr
openSSL toolkit will prompt the user with a message to guide the user to fill out a registration
form. Once it is complete, users can submit the CSR file to www.verisign.com for testing or
refer to http://www.hitrust.com.tw/hitrustexe/frontend/default_tw.asp (located in Taiwan) to
apply for a signed certificate. Get the certificate and name the file as “cacert.pem”.
iii) Strip passphrase:
openssl rsa –in cakey.pem –out cakey-nopassword.pem
iv) Combine the key and X.509 certificate files into server.pem:
cat cakey-nopassword.pem cacert.pem > server.pem
v) Collect all 3 PEM files for upload:
server.pem , cacert.pem , cakey.pem