User's Manual
Certificate installation 457
You can use the following script to generate a signed file using OpenSSL
(version 0.9.8a or greater) on Linux. The input requirements in the script
include:
• Unsigned data file
• Public Signing Certificate
• Private key for the Signing Certificate
ATTENTION
The signing certificate and associated private key must be exported from the
Certificate Management system. Some Certificate Management systems (for
example, Microsoft CA Server) restrict the ability to export the private key. You
must take care when you generate certificates to ensure that you properly
configure the ability to export.
You should sign the file in a secure environment because the signing
certificate private key must be accessible. If the private key is
password-protected, you must enter this password to successfully create
a signature.
Table 112 "OpenSSL-based Linux script for file signing" (page
457) provides an example of an OpenSSL-based Linux script for file signing.
Table 112
OpenSSL-based Linux script for file signing
#!/bin/sh
# $1 - Input Unsigned File
# $2 - Signing Certificate
# $3 - Signing Certificate Private Key
# $4 - Output Signed File
unsigned_file=$1
sign_cert_file=$2
sign_cert_pk_file=$3
signed_file=$4
# Setup temporary files
tmp_signature_file="/tmp/resource$$.tmp"
# Create a detached signature (written to the temporary file so that it
# can be appended to the unsigned data in the next step)
openssl smime -sign -in "${unsigned_file}" -signer "${sign_cert_file}" -outform \
PEM -binary -inkey "${sign_cert_pk_file}" -out "${tmp_signature_file}"
# Now append the signature to the unsigned file
cat "${unsigned_file}" "${tmp_signature_file}" > "${signed_file}"
# Clean up
rm -f "${tmp_signature_file}"
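The reverse of the script above, as an added example that is not part of the manual: it splits a signed file back into the original data and the appended PEM signature, then verifies the signature with OpenSSL before the file is deployed. The function names, the CA file argument and the use of GNU grep are assumptions; the manual does not describe how the phone itself validates the file.

```shell
#!/bin/sh
# Added example (not from the manual). Function names are hypothetical.
# Assumes GNU grep and coreutils on Linux.

PEM_BEGIN='-----BEGIN PKCS7-----'  # header "openssl smime -outform PEM" emits

# split_signed_file SIGNED PAYLOAD_OUT SIG_OUT
# Cuts at the LAST header so marker text inside the payload is harmless,
# and uses byte offsets so a payload without a trailing newline still works.
split_signed_file() {
    offset=$(LC_ALL=C grep -a -o -b -F -e "$PEM_BEGIN" "$1" | tail -n 1 | cut -d: -f1)
    [ -n "$offset" ] || return 1              # no signature block present
    head -c "$offset" "$1" > "$2"             # original unsigned bytes
    tail -c "+$((offset + 1))" "$1" > "$3"    # PEM PKCS#7 signature
}

# verify_signed_file SIGNED CA_FILE
# Returns 0 only if the signature matches the payload and the signer
# chains to CA_FILE (assumed: the CA that issued the signing certificate).
verify_signed_file() {
    rc=1
    tmpdir=$(mktemp -d) || return 2
    if split_signed_file "$1" "$tmpdir/payload" "$tmpdir/sig.pem"; then
        openssl smime -verify -binary -inform PEM -in "$tmpdir/sig.pem" \
            -content "$tmpdir/payload" -CAfile "$2" \
            -out /dev/null 2>/dev/null && rc=0
    fi
    rm -rf "$tmpdir"
    return "$rc"
}
```

A non-zero return from verify_signed_file means the file has no signature block, was modified after signing, or was signed by a certificate that does not chain to the given CA.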
Table 113 "OpenSSL-based Windows script for file signing" (page
458) provides an example of an OpenSSL-based Windows script for file
signing.
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.06 30 April 2010
Copyright © 2003-2010 Nortel Networks. All Rights Reserved.