Step 1: Creating an SSL Certificate; Certificate Tools; Obtaining a Registered Certificate - Colubris Networks CN3000 Administrator's Manual

Chapter 10: SSL certificates

Step 1: Creating an SSL certificate

There are three ways to create a digital certificate:
• Obtain a registered certificate from a recognized certificate authority: This is the best
option, since it ensures that your certificate can be validated by any web browser. A
number of companies offer this service for a nominal charge. These include: Thawte,
Verisign, and Entrust.
• Become a private certificate authority (CA) and issue your own certificate: You can
become your own CA and create as many certificates as you require. However, since
your CA will not be included in the internal list of trusted CAs maintained by most
browsers, customers will get a security alert until they add your CA to their browser.
• Create a self-signed certificate: This is the least secure method, since the certificate
is signed using the private key of the server rather than a CA. Self-signed certificates
should generally be used for testing purposes only.

Certificate tools

Digital certificates can be created/managed with a variety of tools. The examples in this
chapter use the OpenSSL tools and components included with the Colubris Backend
archive. You should download and install these items as follows:
1. Download the Backend sample archive from www.colubris.com > support >
download > CN3000 or retrieve it from the CD.
2. Download openssl-0.9.7c-win32-bin.zip from http://curl.haxx.se/download.html
> OpenSSL Library Packages.
3. Open a command prompt and create the following folders on your computer:
c:\certificates and c:\certificates\ca\newcerts
4. Extract openssl-0.9.7c-win32-bin.zip into c:\certificates.
5. Extract the contents of the certificates folder in the Backend archive into
c:\certificates.
You are now ready to execute the following examples.

Obtaining a registered certificate

This example illustrates how to create a certificate request and send it to a certificate
authority to obtain a registered public certificate.
The benefit of using a registered certificate is that the public key for these CAs is
included by default in most web browsers, eliminating warning messages.
For the purposes of this example:
• the certificate will be requested for the domain name: www.company.com
• the secret password used to protect the key is your_password
1. Open a Windows command-line session.
2. Go to the directory where you installed the certificate tools. This example assumes
c:\certificates.
3. Execute the command: newreq domain_name
For example:
C:\certificates\>newreq www.company.com
You will now be prompted for a password
that will protect the new private key.
Loading 'screen' into random state - done
0 semi-random bytes loaded
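
The request created in this step can also be built and checked by hand with stock OpenSSL commands before anything is sent to the certificate authority. The batch file below is an added example, not the Colubris newreq script or any code from the manual; it assumes openssl.exe is on the PATH and can locate its openssl.cnf, and the subject fields and file names are constructed samples.

```batch
@echo off
rem Added example, not the Colubris newreq script.
rem Assumptions: openssl.exe is on PATH and finds its openssl.cnf;
rem the subject fields and file names below are constructed samples.
setlocal
set "DOMAIN=www.company.com"
set "KEY=%DOMAIN%.key"
set "CSR=%DOMAIN%.csr"

rem 1. Create the private key. -aes256 encrypts the key file; OpenSSL
rem    prompts for the passphrase, so it never appears on the command line.
openssl genrsa -aes256 -out "%KEY%" 2048
if errorlevel 1 goto :fail

rem 2. Create the request. The common name (CN) must be the exact host
rem    name that browsers will connect to.
openssl req -new -key "%KEY%" -out "%CSR%" -subj "/C=US/O=Company/CN=%DOMAIN%"
if errorlevel 1 goto :fail

rem 3. Check the request's self-signature, which proves it was made with
rem    the matching private key. Match the "verify OK" message instead of
rem    relying on the exit status.
openssl req -in "%CSR%" -noout -verify 2>&1 | findstr /c:"verify OK"
if errorlevel 1 goto :fail

rem 4. Show what the CA will see: the subject and the public key size.
openssl req -in "%CSR%" -noout -subject
openssl req -in "%CSR%" -noout -text | findstr /c:"Public-Key" /c:"Public Key"

rem 5. Only the request goes to the CA. Refuse to continue if the file
rem    to be sent contains private key material.
findstr /c:"PRIVATE KEY" "%CSR%" >nul
if not errorlevel 1 (
  echo ERROR: %CSR% contains private key material. Do not send it.
  goto :fail
)
echo Request ready: send %CSR% to the certificate authority, keep %KEY% private.
exit /b 0

:fail
echo Certificate request was not created or did not verify.
exit /b 1
```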
