Chapter 4 Section 4.4
Operating SSL Using the OpenSSL Utility
HTTPS eWay Adapter User’s Guide 37 Sun Microsystems, Inc.
private key and the corresponding certificate for the CA. The certificate is valid for 365
days starting from the date and time it was created.
The properties file C:\openssl\bin\openssl.cnf is needed for the req command. The
default config.cnf file is in the OpenSSL package under the apps sub-directory.
Note: To use this file in Windows, you must change the paths to use double
backslashes. See “Windows OpenSSL.cnf File Example” on page 38 for a complete
Config.cnf file example, which is known to work in a Windows environment.
4.4.2 Signing Certificates With Your Own CA
The example in this section shows how to create a CSR with keytool and generate a
signed certificate for the CSR with the CA created in the previous section. The steps
shown in this section, for generating a KeyStore and a CSR, were already explained
under “Creating a KeyStore in JKS Format” on page 29.
Note: No details are given here for the keytool commands. See “Creating a KeyStore in
JKS Format” on page 29 for more information.
To create a CSR with keytool and generate a signed certificate for the CSR
1
keytool -keystore clientkeystore -genkey -alias client
Enter keystore password: seebeyond
What is your first and last name?
[Unknown]: development.seebeyond.com
What is the name of your organizational unit?
[Unknown]: Development
What is the name of your organization?
[Unknown]: SeeBeyond
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=Foo Bar, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US> correct?
[no]: yes
Enter key password for <client>
(RETURN if same as keystore password):
2
keytool -keystore clientkeystore -certreq -alias client -keyalg rsa -file client.csr
3
openssl x509 -req -CA ca-certificate.pem.txt -CAkey ca-key.pem.txt -in client.csr -out client.cer -days 365 -CAcreateserial
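The following is an added example, not part of the original guide: it runs the signing command from step 3 and then checks that client.cer chains to the CA, carries the public key from the CSR, and names the CA as issuer. Assumptions: the CA and the CSR are created with openssl (in place of the previous section's CA and the keytool steps), and the function name, CA subject, and client-key.pem are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the guide): run step 3 and check what it produced.
# The CA subject and the extra file names below are constructed demo values.

sign_csr() (            # usage: sign_csr <workdir>; the body runs in a subshell
    cd "$1" || exit 1

    # Throwaway CA, standing in for the CA created in the previous section.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/C=US/O=Example/CN=Demo CA" \
        -keyout ca-key.pem.txt -out ca-certificate.pem.txt 2>/dev/null || exit 1

    # Assumption: the CSR is made with openssl here instead of keytool (steps 1-2).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=US/ST=California/L=Monrovia/O=SeeBeyond/OU=Development/CN=development.seebeyond.com" \
        -keyout client-key.pem -out client.csr 2>/dev/null || exit 1

    # Step 3 as given in the procedure.
    openssl x509 -req -CA ca-certificate.pem.txt -CAkey ca-key.pem.txt \
        -in client.csr -out client.cer -days 365 -CAcreateserial 2>/dev/null || exit 1

    # Check 1: client.cer chains to the CA certificate.
    openssl verify -CAfile ca-certificate.pem.txt client.cer >/dev/null 2>&1 || exit 1

    # Check 2: the certificate carries the same public key as the CSR.
    cert_key=$(openssl x509 -noout -pubkey -in client.cer) || exit 1
    csr_key=$(openssl req -noout -pubkey -in client.csr) || exit 1
    [ "$cert_key" = "$csr_key" ] || exit 1

    # Check 3: the issuer of client.cer is the CA's subject.
    issuer=$(openssl x509 -noout -issuer -in client.cer | sed 's/^issuer= *//')
    ca_subj=$(openssl x509 -noout -subject -in ca-certificate.pem.txt | sed 's/^subject= *//')
    [ "$issuer" = "$ca_subj" ]
)

# Run once in a scratch directory when the script is executed directly.
work=$(mktemp -d) && sign_csr "$work" && echo "client.cer verified in $work"
```

The function returns non-zero if any signing step or check fails, so it can gate a later import of client.cer into the KeyStore.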
This is how we create a signed certificate for the associated CSR. The option
-CAcreateserial is needed if this is the first time the command is issued. It is used to