hi,
i created a self signed certificate using openssl.
i want to put my ca cert into the ca-bundle.crt. how do i do
that?. i want to put it in the ca-bundle.crt obtained while
installing modssl as it helps me to manage more ca's while i send
mail from one username to another using smime tool.
# encoding and sign using smime utitlity
openssl smime -sign -in abc.rat -signer sender/cert/newcert.pem
-inkey sender/private/private.key -certfile sender/CA/cacert.pem |
openssl smime -encrypt -out mail.msg -des3
receiver/cert/newcert.pem
#decode and read using the smime
openssl smime -decrypt -in mail.msg -recip
receiver/cert/newcert.pem -inkey receiver/private/private.key -out
mail.dec
#verify the mail
openssl smime -CAfile sender/CA/cacert.pem -verify -in mail.dec
the way i created the certificate is copy the openssl.cnf and
edited so that the modified file can have default prompt options
for certificate option set and also default CA is the current
directory..
rm -rf receiver sender
mkdir certs crl newcerts private
echo "01" > serial
cp /dev/null index.txt
#cp ../openssl.cnf openssl.cnf
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem
-days 365 -config openssl.cnf
cp private/cakey.pem private/cakey.pem.enc
openssl rsa -in private/cakey.pem.enc -out private/cakey.pem
openssl req -nodes -new -x509 -keyout sendReq.pem -out sendReq.pem
-days 365 -config openssl.cnf
openssl req -nodes -new -x509 -keyout recvReq.pem -out recvReq.pem
-days 365 -config openssl.cnf
openssl x509 -x509toreq -in sendReq.pem -signkey sendReq.pem -out
sendtmp.pem
openssl x509 -x509toreq -in recvReq.pem -signkey recvReq.pem -out
recvtmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out
sendcert.pem -infiles sendtmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out
trustcert.pem -infiles trusttmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out
recvcert.pem -infiles recvtmp.pem
mkdir sender receiver
mkdir sender/private sender/cert sender/CA
mkdir receiver/private receiver/cert receiver/CA
cp sendReq.pem ./sender/private/private.key
cp sendcert.pem ./sender/cert/newcert.pem
cp cacert.pem ./sender/CA/cacert.pem
cp recvReq.pem ./receiver/private/private.key
cp recvcert.pem ./receiver/cert/newcert.pem
cp cacert.pem ./receiver/CA/cacert.pem
rm -f tmp.pem
rm -rf *.pem
rm -rf certs crl newcerts private
rm -rf serial index.txt
any pointers in adding the certificate to ca-bundle.crt will be of
great help
Thanks
ganesh
__________________________________________________________
Give your Company an email address like
ravi @ ravi-exports.com. Sign up for Rediffmail Pro today!
Know more. http://www.rediffmailpro.com/signup/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
