Sign a self signed certif by a CA

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Sign a self signed certif by a CA

Etienne Chové-2
Hi,

I'd like to generate a certificate, so I did it with :
sudo openssl req -x509 -config confs/apache-rouge.cnf -new \
-nodes -keyout apache-rouge.key -out apache-rouge.req

so this certificate is self-signed.

I'd like it to be self signed, so when someone accept it for one of my
virtual host, it's accepted for the others (virtual hosts are listed in
subjectAltName)

I now want to sign it with the CA (but I don't know how to do), so people who
accepted the CA also accpet this certificat by defaut.

Any idea ?

Thanks.

--
Etienne Chove
Network Admin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Sign a self signed certif by a CA

michael Dorrian
Help is at hand. This is a really good explanation of how to set up certificates on Apache. I dont think it tells you how to revoke out of date certificates but i can help you with that if you want. Hope this helps.
Hi,

I'd like to generate a certificate, so I did it with :
sudo openssl req -x509 -config confs/apache-rouge.cnf -new \
-nodes -keyout apache-rouge.key -out apache-rouge.req

so this certificate is self-signed.

I'd like it to be self signed, so when someone accept it for one of my
virtual host, it's accepted for the others (virtual hosts are listed in
subjectAltName)

I now want to sign it with the CA (but I don't know how to do), so people who
accepted the CA also accpet this certificat by defaut.

Any idea ?

Thanks.

--
Etienne Chove
Network Admin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


Yahoo! Travel
Find great deals to the top 10 hottest destinations!
Reply | Threaded
Open this post in threaded view
|

Re: Sign a self signed certif by a CA

Etienne Chové-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

michael Dorrian a écrit :
> Help is at hand. This is a really good explanation of how to set up certificates on Apache. I dont think it tells you how to revoke out of date certificates but i can help you with that if you want. Hope this helps.
>   http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html
>

Is it possible to hase a certificate signed by more than one CA ?

- --
Etienne
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEF7uJvsnSxJjnYzIRApVUAJ9LFwxCYtJHcyp7xfi6QoulPVKawgCfZRmE
xk0yUrFl6GPyd3Rp8abGk20=
=srva
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Sign a self signed certif by a CA

michael Dorrian
yes is the anwer to that. If you download the code for this book from this site http://www.opensslbook.com/code.html. It will unzip to a folder called "NSw0-1.3". Go into this folder and in this folder there is one subfolder called "ssl". Run that makefile in that folder. It creates two ca's one root CA then a server CA. You can make an infinite number of CA's although usually one root CA should be enough but this gives you an example of how this is done. Good luck!.

Etienne ChovE<[hidden email]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

michael Dorrian a écrit :
> Help is at hand. This is a really good explanation of how to set up certificates on Apache. I dont think it tells you how to revoke out of date certificates but i can help you with that if you want. Hope this helps.
> http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html
>

Is it possible to hase a certificate signed by more than one CA ?

- --
Etienne
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEF7uJvsnSxJjnYzIRApVUAJ9LFwxCYtJHcyp7xfi6QoulPVKawgCfZRmE
xk0yUrFl6GPyd3Rp8abGk20=
=srva
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


Yahoo! Mail
Use Photomail to share photos without annoying attachments.
Reply | Threaded
Open this post in threaded view
|

Re: Sign a self signed certif by a CA

Etienne Chové-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

michael Dorrian a écrit :
> yes is the anwer to that. If you download the code for this book from this site http://www.opensslbook.com/code.html. It will unzip to a folder called "NSw0-1.3". Go into this folder and in this folder there is one subfolder called "ssl". Run that makefile in that folder. It creates two ca's one root CA then a server CA. You can make an infinite number of CA's although usually one root CA should be enough but this gives you an example of how this is done. Good luck!.

I think that in your case, a root CA sign a second CA, and the second CA sign
the request.

The certificate I wish is a certificate signed by two private keys (the CA's one
and the certificate's one).

Is this possible ?

- --
Bilou
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEHVzIvsnSxJjnYzIRAlODAJ9uO8dCZG7EticEkpH6pHFWMyZlcgCdF4qP
I6DlNppVfpErLLINiI8yGb4=
=sA/N
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]