Hi,
I am new to Open SSL. I need to configure my application server with client
authentication(user based certificate authentication). To achieve this, I
have configured my tomcat server.xml with clientAuth="true". Currently I
have created a client certificate and added it into both in my application
as well as browser.
I have used the following commands to create certificates,
*openssl genrsa -rand world.png -out ./output/ClientKey.key 1024
* openssl req -new -key ./output/ClientKey.key -out
./output/ClientCsr.csr -config openssl.cnf
* openssl x509 -req -days 999999 -in ./output/ClientCsr.csr -signkey
./output/ClientKey.key -out ./output/ClientCer.cer [ I have imported the
generated ClientCer.cer into my application server trustore ].
* openssl pkcs12 -export -clcerts -in ./output/ClientCer.cer -inkey
./output/ClientKey.key -out ./output/rameshj.p12 -name "rameshj" [ I have
imported the generated rameshj.p12 into my browser ].
It is working perfectly. But here I require to import all the user specific
(common name) in the server as well as browsers. In other words, if my
application supports 1000 users, then I need to import all the 1000
certificates to my server application trustore file. Due to scalability
point of view, here I am planning to import just only one root certificate
into my server application and 1000 users certificates will be imported into
1000 different user m/c browsers. But I don't know how to generate root
certificate and other 1000 user certificates using openssl command. Can you
please help me to generate root certificate as well as user certificate ?
Thanks in advance for your help.
Regards,
Ramesh
--
View this message in context:
http://www.nabble.com/Help-on-creating-root-certificate.-tp18458611p18458611.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
