iC Home >
Know-how >
How To SSL - X.509 v2/3 >
Frequently Asked Questions & Answers
How To SSL - X.509 v2/37 Frequently Asked Questions & Answers |
Date: 21.11.2008 |
| ← 6 Where to buy SSL certificates? | [ up ] - [ top ] - [ a - z ] - [ Discussion Board ] | 8 Further Links → |
See also SSL Debugging - www.openssl.org/support/faq.cgi↑
Wie kann ich ein neues CSR File erstellen, wenn ich schon einen Key habe?
openssl req -new -days 365 -key server.key -out server.csr
Muss ich den CSR und Private Key auf der gleichen Maschine generieren, auf der später auch der https Server läuft?
Nein. Die X.509-Spezifikation ist plattform-unabhängig.
Wie kann ich auf der Shell ein Dokument eines HTTPS Servers abrufen?
$ openssl s_client -connect localhost:443 -state -debug GET / HTTP/1.0or$ curl -v https://ssl.example.org
How do I install a CA certificate into a browser?
The usual way is to send the DER encoded certificate to the browser as MIME type application/x-x509-ca-cert, for example by clicking on an appropriate link. On MSIE certain extensions such as .der or .cacert may also work, or you can import the certificate using the certificate import wizard.
You can convert a certificate to DER form using the command:
openssl x509 -in ca.pem -outform DER -out ca.derOccasionally someone suggests using a command such as:openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pemDO NOT DO THIS! This command will give away your CAs private key and reduces its security to zero: allowing anyone to forge certificates in whatever name they choose.
How to remove pass phrase from private key
openssl rsa -in server.key.secure -out server.key
Related FAQ Links
- OpenSSL.org/support/faq.cgi - Reference
Miscellaneous questions
openssl.org/support/faq.cgi
| <- 6 Where to buy SSL certificates? | [ up ] - [ top ] - [ index ] - [ Discussion Board ] | 8 Further Links -> |
copyright by retoh - created with mytexi