Attached is a guide that is meant to be an easy to understand tutorial on how to install openssl, and a CA on a Windows operating system. I still need to test some of the steps of the guide at home where I don’t have openssl installed yet. Please enjoy this early version, and feedback is more than welcome. Future versions will contain greater information and easier navigation.
This guide is meant to be a complete Newbie instruction for installing openSSL and your own CA. Currently this guide is written only for Windows users. I'm not sure of the extent of this, but I wrote it using WindowsXP, with Visual Studio.Net. So I'm assuming it will work on most Windows OS with Visual C installed. Further versions of this guide will cover other Operating Systems and compilers (Borland, etc).
It is not necessary to install openSSL, so if you are not interested in this please skip to the CA section further below.

---------------------------------------------------
***************************************************
Install OpenSSL
***************************************************
---------------------------------------------------

An alternative method for win32, which involves a simple download and install, can be found here:
http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL
I have not used this method though.

- Download the latest version of openSSL from http://www.openssl.org/source/
  For me it was openssl-0.9.7b.tar.gz. Extract the contents to a folder.

  Now download the latest version of ActivePerl from http://www.activestate.com/Products/ActivePerl/
  For me it was ActivePerl-5.8.0.806-MSWin32-x86.msi
  Follow the directions to install.

- We need to set up the VC environment correctly. To do this we need to execute a file called VCVARS32.BAT, which is found in the 'bin' subdirectory of the VC++ installation directory (somewhere under 'Program Files').

  Open the command prompt by clicking Start, Run, and then typing cmd

  From here navigate your way to the bin subdirectory as mentioned above. For me it was:
  > cd C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\bin

  Once in that directory simply type
  > vcvars32.bat
  If that doesn't work, try vsvars32.bat

  From here navigate your way to the folder that you extracted openssl to. Once in here type:
  > perl Configure VC-WIN32
  > ms\do_masm

  Using Windows, open the VC bin folder. From here copy the following files:
  cl.exe,c1.dll,c2.dll,c1xx.dll,cl.exe.config,nmake.exe
  Now place them in your openssl directory.

  Back to the command prompt. Change directory to openssl and type:
  > nmake -f ms\ntdll.mak

  Hopefully everything went well. If so, you should now have some .dll files within a new folder called out32dll within your openssl directory.
Final Steps:

Copy 2 files from your out32dll folder to your system directory. Do this with either the command prompt or using Windows Explorer.

Now back in the command prompt (or with Windows) we create some new directories and folders and populate them:
> md c:\openssl
> md c:\openssl\bin
> md c:\openssl\lib
> md c:\openssl\include
> md c:\openssl\include\openssl
> copy /b inc32\openssl\* c:\openssl\include\openssl
> copy /b out32dll\ssleay32.lib c:\openssl\lib
> copy /b out32dll\libeay32.lib c:\openssl\lib
> copy /b out32dll\ssleay32.dll c:\openssl\bin
> copy /b out32dll\libeay32.dll c:\openssl\bin
> copy /b out32dll\openssl.exe c:\openssl\bin

Of course you need to be copying from the correct path of where your out32dll is located, so it is wise to be in this directory first.

Now I think openSSL is officially installed. Where you go from here, I don't know...:(

--------------------------------------------------------------
**************************************************************
CREATE YOUR OWN CA
**************************************************************
--------------------------------------------------------------

- SETTING UP

Firstly you will need three files: CA.pl, openssl.cnf, and openssl.exe. The location of these will depend on whether you have installed openssl or not.

Did install openssl:
- If you have installed openssl as mentioned above, the ca.pl and openssl.cnf files will be located in your openssl/apps/ directory. The openssl.exe will be located in your openssl/out32dll directory. I tried to use my original openssl.exe file for the creation of my certificate but it wouldn't work, so I downloaded an older version off the Internet at http://www.stunnel.org/download/stunnel/win32/openssl-0.9.6j/ which then worked.

Did NOT install openssl:
- If you didn't install openssl then please download the tar file from http://www.openssl.org/source/. Within the apps directory is CA.pl and openssl.cnf.
The .exe file can be found and downloaded off the Internet. Just use a simple good search; I found a copy at http://www.stunnel.org/download/stunnel/win32/openssl-0.9.6j/
You will also need to download the latest version of ActivePerl from http://www.activestate.com/Products/ActivePerl/
For me it was ActivePerl-5.8.0.806-MSWin32-x86.msi
Follow the directions to install.
Note: I have not tried creating a CA without openssl installed, but I am told it works.

- Once you have your files, put them in a new directory. I created C:\demo and put them in there.

Extract the following 2 files from the perl zip file and place them in the same directory as the openssl files:
PERL56.DLL   The perl dynamic link library needed for PERL.EXE
PERL.EXE     The executable file needed to run the perl script to create the CA.

Set the location of openssl.cnf as an environment variable. We do this by entering at the command prompt:
> cd c:\demo
> set OPENSSL_CONF=c:\demo\openssl.cnf

- Make a CA

I found the easiest and most effective way to do this as below, but the bad thing is I don't really know what's going on. Anyway, here are the steps:

Go into the command prompt. Move to your demo directory. Type:
> openssl req -config openssl.cnf -new -out my-server.csr
> openssl rsa -in privkey.pem -out my-server.key
> openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
> openssl x509 -in my-server.cert -out my-server.der.crt -outform DER

You should now have a certificate and a key in your folder.

The same result should be received from using:
> ca.pl -newca
> ca.pl -newreq
> ca.pl -sign

Sorry this last section (the main focus of the guide!!) has been rushed but I didn't realise it would take so long to write this guide. It will be updated with much more information in the future.
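
What the four openssl commands in the "Make a CA" step leave behind can be checked from the same command prompt. The batch file below is an added example, not part of the original guide; it assumes the guide's file names in c:\demo, openssl.exe in that folder or on the PATH, and uses scratch files (key.mod, cert.mod, pem.fp, der.fp) whose names are made up here.

```batch
@echo off
rem Added example: checks on the files the four openssl commands create.
rem my-server.* and privkey.pem are the guide's names; *.mod and *.fp are
rem scratch files invented for this check and deleted at the end.
cd /d c:\demo

rem 1. "req -new" wrote a key pair (privkey.pem) and a signing request.
rem    The request is signed with its own key; expect "verify OK".
openssl req -in my-server.csr -noout -verify

rem 2. "rsa -in privkey.pem -out my-server.key" rewrote the key with no
rem    cipher option, so my-server.key is stored without a passphrase.
rem    An encrypted PEM key carries the word ENCRYPTED in its header.
findstr /C:"ENCRYPTED" privkey.pem > nul && echo privkey.pem: passphrase-protected
findstr /C:"ENCRYPTED" my-server.key > nul || echo my-server.key: NOT protected, limit who can read it

rem 3. "x509 -req -signkey" signed the request with its own key, which
rem    gives a self-signed certificate: subject and issuer are the same.
openssl x509 -in my-server.cert -noout -subject -issuer -dates

rem 4. The certificate must carry the public half of my-server.key,
rem    so both files report the same RSA modulus.
openssl rsa -in my-server.key -noout -modulus > key.mod
openssl x509 -in my-server.cert -noout -modulus > cert.mod
fc key.mod cert.mod > nul
if errorlevel 1 (echo MISMATCH: key and certificate differ) else (echo OK: key matches certificate)

rem 5. "-outform DER" only changed the encoding, so the PEM and DER
rem    files have the same fingerprint.
openssl x509 -in my-server.cert -noout -fingerprint > pem.fp
openssl x509 -in my-server.der.crt -inform DER -noout -fingerprint > der.fp
fc pem.fp der.fp > nul
if errorlevel 1 (echo MISMATCH: PEM and DER differ) else (echo OK: PEM and DER are the same certificate)

del key.mod cert.mod pem.fp der.fp
```
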
For now though, here are some excellent sites that I got a lot of information from and they will help you get a greater understanding:
- http://www.post1.com/home/ngps/m2/howto.ca.html
- http://hp.vector.co.jp/authors/VA027031/orenosp/certmemo_en.txt
- http://www.galatea.com/flashguides/apache-ssl-win32.xml

--------------------------------------------------------------
**************************************************************
INSTALL YOUR CA IN YOUR SERVER
**************************************************************
--------------------------------------------------------------

...coming soon....

--------------------------------------------------------------
**************************************************************
REFERENCES
**************************************************************
--------------------------------------------------------------

- http://www.post1.com/home/ngps/m2/howto.ca.html
- http://hp.vector.co.jp/authors/VA027031/orenosp/certmemo_en.txt
- http://www.galatea.com/flashguides/apache-ssl-win32.xml
- http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL
- http://www.openssl.org/
- http://www.activestate.com/