Sunday, March 16, 2014

Certificates and PKI

In public key cryptography, the basis of a Public Key Infrastructure (PKI), information is encrypted with a public key and can be decrypted only with the matching private key. A common use of public key encryption is to protect traffic over an SSL or TLS connection.

A certificate is a way to distribute the public key together with other information about a server and the organization responsible for it. A certificate can be digitally signed by a certification authority (CA). A CA is a trusted third party that has confirmed that the information contained in the certificate is accurate.

Below is the process for getting a certificate from a certification authority.

- Create a private and public encryption key pair
- Create a certificate signing request (CSR) based on the public key. The CSR contains information about the server and the company hosting it.
- Send the CSR to the CA along with the documents needed to prove the identity
- Once the CA is satisfied with the identity, it issues the digital certificate
- Install the certificate on the server and configure the application to use it

As listed above, the first phase of the process is to generate the encryption key pair. This step is required whether one is creating a self-signed certificate or requesting one from a CA. When generating the key, we can give a passphrase, which protects the key file if it is stolen. However, if we do so, services such as the Apache server will require manual intervention to enter the passphrase each time they start up.

To generate the key for the CSR, use the following command:

openssl genrsa -des3 -out server.key 2048

To create a new CSR from that key, use the following command:

openssl req -new -key server.key -out server.csr

This command will ask for the key's passphrase, followed by the company details, the site's host name (Common Name), email address etc. Once the details are entered, the CSR is written to server.csr.

It is also possible to create a self-signed certificate from the CSR:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The above command will prompt for the passphrase, after which the certificate is stored in the server.crt file.

Installing the certificate is fairly easy.

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
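The whole procedure above, run unattended and then checked, as an added example that is not part of the original post. It assumes openssl is on the PATH; the output directory, the passphrase "changeit" and the certificate subject are constructed values.

```shell
#!/bin/sh
# Added example: generate key, CSR and self-signed certificate non-interactively,
# then verify that the three pieces actually belong together.
set -eu

make_selfsigned() {
    dir="$1"
    mkdir -p "$dir"
    # Step 1: key pair. The passphrase is passed via -passout so the run is unattended;
    # a service using a passphrase-protected key still needs it typed at startup.
    openssl genrsa -des3 -passout pass:changeit -out "$dir/server.key" 2048 2>/dev/null
    # Step 2: CSR. -subj replaces the interactive prompts for the company details and
    # host name (the subject below is a constructed example).
    openssl req -new -key "$dir/server.key" -passin pass:changeit \
        -subj "/C=US/ST=Example/L=Example/O=Example Org/CN=www.example.com" \
        -out "$dir/server.csr"
    # Step 3: self-sign the request (note the leading dash on -days).
    openssl x509 -req -days 365 -in "$dir/server.csr" -signkey "$dir/server.key" \
        -passin pass:changeit -out "$dir/server.crt" 2>/dev/null
}

# Returns 0 when the CSR's own signature is valid, the certificate carries the same
# RSA modulus as the private key, and the certificate verifies against itself as CA.
check_selfsigned() {
    dir="$1"
    openssl req -noout -verify -in "$dir/server.csr" >/dev/null 2>&1 || return 1
    keymod=$(openssl rsa -noout -modulus -in "$dir/server.key" -passin pass:changeit)
    crtmod=$(openssl x509 -noout -modulus -in "$dir/server.crt")
    [ "$keymod" = "$crtmod" ] || return 1
    openssl verify -CAfile "$dir/server.crt" "$dir/server.crt" >/dev/null 2>&1
}

# Prints the subject of the generated certificate for a quick visual check.
cert_subject() {
    openssl x509 -noout -subject -in "$1/server.crt"
}
```

The modulus comparison is the check to run after installing a certificate: a mismatch means the server will present a certificate it cannot prove ownership of during the TLS handshake.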


References:
https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html
