CORBA 2.6.1 Administration Guide

process of creating certificates, by using a private CA. The file locations are:
$NSD_ROOT/ssliop/etc/env.sh
$NSD_ROOT/ssliop/bin/newca
$NSD_ROOT/ssliop/bin/newreq
$NSD_ROOT/ssliop/bin/signreq
$NSD_ROOT/ssliop/bin/pkcs12
$NSD_ROOT/ssliop/bin/newcert
The newcert script simply combines the functions of newreq, signreq, and pkcs12 into one script.
profile in env.sh
The profile in env.sh is used by all of the CA shell scripts. env.sh provides configuration information for the CA shell scripts.
newca Script
The newca script is used to create the CA. The script only needs to be run once. To run the script, type:
newca
Example 6.1. Sample newca Run
Creating the self-signed root CA certificate.
Using configuration from toyCA.cnf
Generating a 1024 bit RSA private key
.................++++++
.....................++++++
writing new private key to ‘./toyCA/private/cakey.pem’
Enter PEM pass phrase:
Verifying password Enter PEM pass phrase:
-----
You are about to be asked information that will be incorporated
into your certification request.
What you are about to enter is called a Distinguished Name or DN.
There are quite a few fields buy you may leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [California]:
Locality Name (eg, city) [Cupertino]:
Organization Name (eg, company) [Hewlett-Packard]:
Organizational Unit Name (eg, section) [NonStop]:
Common Name (eg, the CA, server, or client (your?) name): Toy CA
E-Mail [john.doe@hp.com]:
$
After running the script, the following directories and files are created:
Pathname/Filename          Purpose
toyCA                      Top level directory
toyCA/cacert.pem           Root CA certificate
toyCA/certindex.txt        Index file to all certificates in the database
toyCA/certs                Directory for certificates created
toyCA/crl                  Directory for CRLs created
toyCA/private              Directory for all the private keys
toyCA/private/cakey.pem    The Root CA private key
toyCA/serial               The next Serial Number to use.
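The following check is an added example, not part of this guide or of the ssliop scripts: it confirms that the tree listed above exists and that toyCA/private and cakey.pem grant no group or other access. The function name audit_ca_tree and the owner-only policy are assumptions; the guide does not state which file modes newca sets.

```shell
#!/bin/sh
# Added example: audit the CA tree that newca creates (layout taken from
# the table above). Assumption: owner-only access to private/ and
# cakey.pem is the desired policy; the guide does not document the modes.

# Prints one finding per line. Returns 0 if the tree is clean, 1 otherwise.
audit_ca_tree() {
    ca=$1
    rc=0

    # Directories the guide lists as created by newca.
    for d in "$ca" "$ca/certs" "$ca/crl" "$ca/private"; do
        [ -d "$d" ] || { echo "MISSING dir: $d"; rc=1; }
    done

    # Files the guide lists as created by newca.
    for f in "$ca/cacert.pem" "$ca/certindex.txt" "$ca/serial" \
             "$ca/private/cakey.pem"; do
        [ -f "$f" ] || { echo "MISSING file: $f"; rc=1; }
    done

    # Characters 5-10 of the ls mode string are the group and other bits;
    # anything except "------" means someone besides the owner has access.
    for p in "$ca/private" "$ca/private/cakey.pem"; do
        if [ -e "$p" ]; then
            bits=$(ls -ld "$p" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "EXPOSED: $p grants group/other access ($bits)"
                rc=1
            fi
        fi
    done

    return $rc
}

# Run against a CA directory when one is given, e.g.: sh audit.sh ./toyCA
if [ "$#" -gt 0 ]; then
    audit_ca_tree "$1"
fi
```

A non-zero exit status makes the function usable as a gate before signreq or newcert is run against the CA.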
After running newca, the root CA certificate is created. You can display it by typing:
cat toyCA/cacert.pem
The result is:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=California, L=Cupertino, O=Hewlett-Packard, OU=NonStop/Email=john.doe@hp.com
Validity
Not Before: Jan 16 00:03:08 2003 GMT
Not After : Feb 15 00:03:08 2003 GMT
Subject: C=US, ST=California, L=Cupertino, O=Hewlett-Packard, OU=NonStop/Email=john.doe@hp.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d3:df:e6:53:08:86:39:5d:79:fb:fc:e6:92:ec:
83:19:a7:bd:c9:be:07:48:3a:94:4a:dc:be:af:ed:
91:e5:09:e6:4f:1f:25:09:b4:c7:dc:65:0a:77:10:
9f:de:db:3e:de:25:78:f1:88:78:5f:fc:75:9c:3a:
3a:9a:c6:d1:fd:c0:96:43:4f:51:b7:36:c6:5f:2c:
43:0e:d7:a7:af:3f:d6:8f:d6:60:92:b9:95:21:3f:
90:9e:a3:41:84:89:78:51:69:2f:84:26:d8:d2:02:
66:cf:a4:3b:13:b8:a4:2c:ee:45:7f:01:4b:81:4b: