Hi Goetz, *,

> There is the man page x509v3_config.
> It should contain the info you need.
> A hint: x509v3_config describes data found in the openssl.cnf file.
> So this data is used on creating a certificate / CSR...

well I have created a certificate with all necessary data. At least I think I've done it right. And yes, as you said, crypto isn't a thing to deal with, if you haven't got at least a minor understanding of what one is doing. Well, I think that I do have at least a minor understanding, but on the other hand I'm not that far, that I know how to deal with some sorts of jobs I need to do. Just like the one I'm still working on. A certificate for some subdomains and the main domain. All domains should have the same certificate.

C:\ssl>dir
 Datenträger in Laufwerk C: ist System
 Volumeseriennummer: F8B1-B3F8

 Verzeichnis von C:\ssl

19.08.2009  12:47    <DIR>          .
19.08.2009  12:47    <DIR>          ..
19.08.2009  10:01             1.024 .rnd
19.08.2009  10:02             1.407 cacert.pem
19.08.2009  10:02               963 cakey.pem
19.08.2009  12:55             2.013 cert.p12
21.07.2009  09:32    <DIR>          certs
21.07.2009  09:32                 0 database.txt
19.08.2009  10:06               963 key.pem
21.07.2009  09:32    <DIR>          keys
19.08.2009  10:09               822 req.pem
21.07.2009  09:32    <DIR>          requests
21.07.2009  09:32                 0 serial.txt
               8 Datei(en),          7.192 Bytes
               5 Verzeichnis(se), 493.483.315.200 Bytes frei

C:\ssl>openssl x509 -text -in cacert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ab:49:2d:9c:cd:b2:e2:b5
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Niedersachsen, L=somewhre, O=xxxxx GmbH, OU=Administration, CN=somename/emailaddress=some...@mydomain.tld
        Validity
            Not Before: Aug 19 08:02:58 2009 GMT
            Not After : Aug 18 08:02:58 2012 GMT
        Subject: C=DE, ST=Niedersachsen, L=somewhere, O=xxxxx GmbH, OU=Administration, CN=somename/emailaddress=i...@mydomain.tld
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:75:05:9B:F0:02:C7:F5:0E:99:34:97:3D:25:E0:01:9E:29:AA:10
            X509v3 Authority Key Identifier:
                keyid:A8:75:05:9B:F0:02:C7:F5:0E:99:34:97:3D:25:E0:01:9E:29:AA:10
                DirName:/C=DE/ST=Niedersachsen/L=Rinteln/O=xxxxx GmbH/OU=Administration/CN=somename/emailaddress=i...@mydomain.tld
                serial:AB:49:2D:9C:CD:B2:E2:B5

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption

> I think .cer is just DER encoded data.
> The OpenSSL subcommand x509 has an option to save a certificate
> in DER format.
> I admit I'm somewhat vague.
> This is on purpose, because in the range of
> shooting-yourself-in-the-foot openssl and cryptography
> is a very big cannon.
> It is essential to have at least some basic understanding about what you
> do.
> Giving you a cookbook will not give you this understanding.

Well, I know exactly what you're saying and under "normal" circumstances I would agree with your cookbook statement, but sometimes you're facing challenges and for some reason you've been standing on the hose for a while and haven't got a clue why - and that's where I'm at. Maybe you or someone else on the list might be so kind as to help me out, so that I'll get the thing done.

Thanks a lot to all who might help me!

Greetings
NielsJ

--
DMCA: The greed of the few outweighs the freedom of the many

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

--
View this message in context: http://www.nabble.com/Howto-create-a-certificate-for-multiple-domains--tp24931183p25042187.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
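
An added example, not part of the original message or of the OpenSSL project's own material: one way to put a main domain and its subdomains into a single certificate with the subjectAltName extension that x509v3_config describes. The domain names, the san.cnf file and the throwaway CA are constructed for illustration; the other file names follow the directory listing above.

```shell
#!/bin/sh
# Added example: one certificate covering a main domain and its subdomains.
# example.test, san.cnf and the test CA are constructed, not taken from the thread.
set -e

make_san_cert() {   # $1 = empty working directory
    d=$1
    cat > "$d/san.cnf" <<'EOF'
[req]
distinguished_name = dn
req_extensions     = v3_req
prompt             = no
[dn]
CN = example.test
[v3_ca]
basicConstraints = critical, CA:TRUE
[v3_req]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
subjectAltName   = @alt_names
[alt_names]
DNS.1 = example.test
DNS.2 = www.example.test
DNS.3 = mail.example.test
EOF
    # Throwaway CA standing in for cacert.pem / cakey.pem.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$d/san.cnf" -extensions v3_ca -subj "/CN=Constructed Test CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem"
    # Server key and CSR; req_extensions puts the SAN list into the request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$d/san.cnf" -keyout "$d/key.pem" -out "$d/req.pem"
    # "x509 -req" does not copy extensions from the CSR by default, so the
    # SAN section is named again here; without it the names are dropped.
    openssl x509 -req -sha256 -days 30 -in "$d/req.pem" \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -CAcreateserial \
        -extfile "$d/san.cnf" -extensions v3_req -out "$d/cert.pem"
    openssl verify -CAfile "$d/cacert.pem" "$d/cert.pem"
}

list_sans() {       # $1 = certificate file; prints the DNS names, comma-separated
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/ //g; s/DNS://g'
}

work=$(mktemp -d)
make_san_cert "$work"
echo "SAN entries in cert.pem: $(list_sans "$work/cert.pem")"
rm -rf "$work"
```

The three openssl commands are the same at the Windows prompt shown in the message; only the here-document and the temporary directory are shell-specific.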