
Summary This article clarifies how to create a self-signed certificate to be used in your secure application.
Environment

Orbix 3.3

All Supported Operating Systems

Question/Problem Description How do I create a self-signed certificate?
Clarifying Information There are two types of CA (certificate authority) available. A commercial CA is a company that signs certificates for many systems. A private CA is a trusted node that you set up and use to sign certificates for your system only. When creating self-signed certificates we assume you will use a private CA. Please see KB article "What is a CA (certificate authority) and how do I configure my own CA used to self-sign openssl certificates?" on how to set up your own private CA.
Resolution

Once a self-signed CA has been set up and configured for signing certificates, create a new CSR (certificate signing request), for example for the orbix certificate, which is used by the Orbix daemon:

    openssl req -new -config <Orbix config dir>/openssl.cnf -days 365 -out ./orbix_csr.pem -keyout ./orbix_pk.pem

This command prompts you for a pass phrase for the daemon’s private key and for the fields of the certificate distinguished name (Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit, Common Name, Email Address). Some of the entries in the CSR distinguished name must be the same as those used in the CA certificate. Which entries must match depends on the CA policy section of the file openssl.cnf (or ssleay.cnf in earlier versions of Orbix 3.3.*). Please refer to Appendix C of the "OrbixSSL C Programmer’s and Administrator’s Guide" for more information.

Next, sign the orbix CSR by using the following command:

    openssl ca -config <Orbix config dir>/openssl.cnf -days 365 -in orbix_csr.pem -out orbix.pem

To sign the certificate successfully, you must enter the CA private key pass phrase.

Next, concatenate the certificate and private key files.

On UNIX, do the following:
    cat orbix.pem orbix_pk.pem > services/orbix

On Windows, use the following command:
    copy orbix.pem + orbix_pk.pem services\orbix

Copy the resulting output file (orbix) to each host that runs OrbixSSL applications.

Note, if you change the certificate and private key associated with an Orbix executable or one of the Orbix services, it is important to run the OrbixSSL update command to register the pass phrase associated with the new private key.

On UNIX, to register the pass phrase used in the new certificate with the Orbix daemon, run update as follows:
    update orbixd <passphrase> 0

On Windows, run this command as follows:
    update orbixd.exe <passphrase> 0

Run the above update command on each host that runs OrbixSSL servers and uses the new Orbix daemon certificate.
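
A check worth running on each host after the file has been copied, added here as an example (it is not part of the original article or of the Orbix tooling): it confirms that the concatenated file holds one certificate followed by one encrypted private key, that the two belong together, that the file is not accessible to group or other, and optionally that the certificate verifies against the private CA certificate. The function name `check_orbix_bundle` and the environment variable `ORBIX_PASS` are hypothetical, and the script assumes an OpenSSL version that provides the `pkey` command.

```sh
#!/bin/sh
# Added example, not vendor code. check_orbix_bundle and ORBIX_PASS are
# hypothetical names; ORBIX_PASS must be exported and hold the key pass phrase.
# Returns: 0 ok, 1 bad layout, 2 key not encrypted, 3 key/cert mismatch,
#          4 accessible to group/other, 5 not signed by the given CA.
check_orbix_bundle() {
    bundle=$1
    cafile=${2:-}

    # Layout: exactly one certificate followed by exactly one private key.
    order=$(grep -E -e '^-----BEGIN (CERTIFICATE|[A-Z ]*PRIVATE KEY)-----' "$bundle" |
            sed -e 's/.*CERTIFICATE.*/C/' -e 's/.*PRIVATE KEY.*/K/' | tr -d '\n')
    [ "$order" = "CK" ] || { echo "expected certificate then key, got: $order" >&2; return 1; }

    cert=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$bundle")
    key=$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/,/^-----END .*PRIVATE KEY-----/p' "$bundle")

    # Both PEM key styles mark a pass-phrase-protected key with "ENCRYPTED".
    printf '%s\n' "$key" | grep -q ENCRYPTED ||
        { echo "private key is not encrypted" >&2; return 2; }

    # The public key in the certificate must equal the one derived from the key.
    # The pass phrase comes from the environment, not the command line.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey) || return 1
    key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout -passin env:ORBIX_PASS 2>/dev/null) ||
        { echo "cannot read private key (wrong pass phrase?)" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 3; }

    # The file carries key material: group and other get no access.
    [ "$(ls -l "$bundle" | cut -c5-10)" = "------" ] ||
        { echo "bundle is accessible to group/other" >&2; return 4; }

    # Optional: the certificate must verify against the private CA certificate.
    if [ -n "$cafile" ]; then
        printf '%s\n' "$cert" | openssl verify -CAfile "$cafile" >/dev/null 2>&1 ||
            { echo "certificate does not verify against $cafile" >&2; return 5; }
    fi
    return 0
}
```

Call it as `check_orbix_bundle services/orbix <CA certificate file>` with `ORBIX_PASS` exported; a non-zero return code identifies the check that failed.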

Notes For further details, please see chapter "Managing certificates" in the "OrbixSSL C Programmer’s and Administrator’s Guide" or "OrbixSSL Java Programmer’s and Administrator’s Guide" available at http://supportline.microfocus.com/productdoc.aspx