Certificate revocation ...how ?

Sonu K Mehrotra

May 17, 2002, 3:17:12 AM
I have created a self-signed certificate authority using the following

My setup-
Redhat Linux 7.1
Openssl 0.9.5
mod_ssl 2.8.8
apache 1.3.19
tomcat 3.3.1
jdk 1.4

Commands used-

For CA
openssl genrsa -out /etc/httpd/conf/ssl.key/ca.key 1024

openssl req -new -key /etc/httpd/conf/ssl.key/ca.key \
    -out /etc/httpd/conf/ssl.csr/ca.csr

openssl x509 -req -days 365 -in /etc/httpd/conf/ssl.csr/ca.csr \
    -signkey /etc/httpd/conf/ssl.key/ca.key \
    -out /etc/httpd/conf/ssl.crt/ca.crt

For WebServer
openssl genrsa -out /etc/httpd/conf/ssl.key/server.key 1024

openssl req -new -key /etc/httpd/conf/ssl.key/server.key \
    -out /etc/httpd/conf/ssl.csr/server.csr

openssl x509 -req -days 365 -in /etc/httpd/conf/ssl.csr/server.csr \
    -signkey /etc/httpd/conf/ssl.key/server.key \
    -out /etc/httpd/conf/ssl.crt/server.crt

For Client
openssl genrsa -out /etc/httpd/conf/ssl.key/sonu.key 1024

openssl req -new -key /etc/httpd/conf/ssl.key/sonu.key \
    -out /etc/httpd/conf/ssl.csr/sonu.csr -config /usr/share/ssl/openssl.cnf

openssl x509 -req -days 365 -CA /etc/httpd/conf/ssl.crt/ca.crt \
    -CAkey /etc/httpd/conf/ssl.key/ca.key -CAcreateserial \
    -in /etc/httpd/conf/ssl.csr/sonu.csr -out /etc/httpd/conf/ssl.crt/sonu.crt

openssl pkcs12 -export -clcerts -in /etc/httpd/conf/ssl.crt/sonu.crt \
    -inkey /etc/httpd/conf/ssl.key/sonu.key \
    -out /etc/httpd/conf/ssl.p12/sonu.p12

The .p12 which is created is installed in the client browser for the
client to check out the https site which requires client
authentication.

Everything is working.

Now I need to find a command to revoke compromised or otherwise not
to be used keys.

How do I go about it?

Please guide, it is very important.

Regards

Sonu
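
One way to do what the post asks, shown as an added example that is not part of the original post: certificates issued with "openssl x509 -req -CA" are not recorded in any CA database, but "openssl ca -revoke" accepts the certificate file itself, records it in index.txt, and "openssl ca -gencrl" then publishes a signed CRL. It assumes a current OpenSSL command line; the temporary directory, the ca.cnf contents and the "Demo CA" / "demo-client" names are constructed for the example.

```shell
# Added example: throwaway CA in a temp directory; every name below is constructed.
revocation_demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_crl_days = 30
EOF
        : > index.txt          # revocation database used by "openssl ca"
        echo 01 > crlnumber    # serial number of the next CRL

        # CA, then a client certificate issued as in the post (x509 -req -CA).
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null
        openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
            -subj "/CN=demo-client" -keyout client.key -out client.csr 2>/dev/null
        openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial \
            -in client.csr -out client.crt 2>/dev/null

        before=rejected
        openssl verify -CAfile ca.crt client.crt >/dev/null 2>&1 && before=ok

        # Revoke: record the certificate in index.txt, then publish a signed CRL.
        openssl ca -config ca.cnf -revoke client.crt 2>/dev/null
        openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null

        after=not-revoked
        openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl client.crt 2>&1 |
            grep -q "certificate revoked" && after=revoked
        echo "before=$before after=$after"
    )
    rm -rf "$d"
}
revocation_demo
```

For the setup in the post, the same two "openssl ca" commands would be run with a config naming ca.crt and ca.key and with sonu.crt as the certificate to revoke. Apache only rejects the revoked client once mod_ssl is pointed at the resulting CRL with its SSLCARevocationFile directive.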
