Belkin F1D084Eea Manual de usuario descargar pdf (Pagina 63)

595959

Appendix E: Creating CA Files

ii) Strip passphrase:

openssl rsa -in cakey.pem -out cakey-nopassword.pem

iii) Combine the key and X.509 certiﬁcate ﬁles into server.pem:

cat cakey-nopassword.pem cacert.pem > server.pem

iv) Collect all 3 PEM ﬁles and prepare to upload to IPCS server:

server.pem,cacert.pem,cakey.pem

2. Signed by trustworthy CA:

i) Prepare private key cakey.pem:

openssl genrsa –des3 –out cakey.pem 1024

meaning of parameters:

genrsa : generate RSA private key

des3 : encrypt certiﬁcate by DES3

1024 : the key size is 1024-bit

ii) Prepare a Certiﬁcate Signing Request:

openssl req –new –key cakey.pem –out server.csr

openSSL toolkit will prompt the user with a message to guide the user to ﬁll out a registration

form. Once it is complete, users can submit the CSR ﬁle to www.verisign.com for testing or

refer to http://www.hitrust.com.tw/hitrustexe/frontend/default_tw.asp (located in Taiwan) to

apply for a signed certiﬁcate. Get the certiﬁcate and name the ﬁle as “cacert.pem”.

iii) Strip passphrase:

openssl rsa –in cakey.pem –out cakey-nopassword.pem

iv) Combine the key and X.509 certiﬁcate ﬁles into server.pem:

cat cakey-nopassword.pem cacert.pem > server.pem

v) Collect all 3 PEM ﬁles for upload:

server.pem , cacert.pem , cakey.pem

1 2 ... 58 59 60 61 62 63 64 65 66 67 68

Sin comentarios

Belkin F1D084Eea Manual de usuario Pagina 63