OpenSSL OpenSSL - User

[question]

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Ben K.
Reply | Threaded
Open this post in threaded view
|

[question]

Ben K.

Hi,

I'm trying to create a certificate for a test with qpopper on sslwrap. I'd
appreciate any advice.
 
I used this command to create a certificate for sslwrap.

(A)  openssl req new -x509 -nodes -out my.pem -keyout my.pem -days 365.

It works OK. Now, we have a certificate from Thawte available. I wanted to
see how many configuration steps an Outlook user will save, if we install
a commercial certificate rather than self-signed one. The Thawte
certificate has passphrase.

I tried, by guessing from the format,

(1) Remove passphrase
openssl rsa -in my.key -out my.nopass.key

(2) Extract public part of the key
openssl rsa -in my.nopass.key -pubout -out my.pub.key
 
(3) Concatenate key and cert together.
cat my.pub.key my.crt > my.pem

But this didn't work.

My purpose is to make an equivalent of (A) from the existing certificate.
Could someone advise?

Thanks..

Ben Kim
Developer
College of Education
Texas A&M University

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Dr. Stephen Henson
Reply | Threaded
Open this post in threaded view
|

Re: [question]

Dr. Stephen Henson
On Tue, May 24, 2005, Ben Kim wrote:

>
> Hi,
>
> I'm trying to create a certificate for a test with qpopper on sslwrap. I'd
> appreciate any advice.
>  
> I used this command to create a certificate for sslwrap.
>
> (A)  openssl req new -x509 -nodes -out my.pem -keyout my.pem -days 365.
>
> It works OK. Now, we have a certificate from Thawte available. I wanted to
> see how many configuration steps an Outlook user will save, if we install
> a commercial certificate rather than self-signed one. The Thawte
> certificate has passphrase.
>
> I tried, by guessing from the format,
>
> (1) Remove passphrase
> openssl rsa -in my.key -out my.nopass.key
>
> (2) Extract public part of the key
> openssl rsa -in my.nopass.key -pubout -out my.pub.key
>  
> (3) Concatenate key and cert together.
> cat my.pub.key my.crt > my.pem
>
> But this didn't work.
>
> My purpose is to make an equivalent of (A) from the existing certificate.
> Could someone advise?
>

Qpopper will need the *private* key and the certificate.

You can first check the certificate is in the correct format with:

openssl x509 -in my.crt

If you don't get an error you just configure it to use my.crt and
my.nopass.key, or concatenate the two and just point it at that one file.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Ben K.
Reply | Threaded
Open this post in threaded view
|

Re: [question]

Ben K.
On Tue, 24 May 2005, Dr. Stephen Henson wrote:

>If you don't get an error you just configure it to use my.crt and
>my.nopass.key, or concatenate the two and just point it at that one file.

Thanks greatly. It solved my problem.

Regards,

Ben Kim
Developer
College of Education
Texas A&M University

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Free forum by Nabble Edit this page