Using the scripts in this directory
First, it is important to note that these scripts relate to setting up an OpenSSL certification authority. If you already have a way of generating keys and certificates that are compatible with OpenSSL, you don't need anything in this directory. Similarly, if you are already familiar with generating keys and certificates using OpenSSL, these scripts might not be worth your time. The remainder of this file describes how to use the scripts provided to set up and maintain a CA.
The first thing that you need to do is modify set_vars.sh so that all variables are correctly set for your installation. All files ending in .conf will similarly need to be modified to specify the distinguished names for which key pairs are being generated. A distinguished name includes the location, owner, a common name, and a contact email address. In addition, CA.conf specifies the directory in which the CA's files will be stored.
Next, setup_dirs.sh should be run to create the appropriate directory structure, as well as a few files that will be needed.
To generate a certificate for the CA, which will allow you to generate other certificates, run generate_root_cert.sh. This will put the file CA.pem in the directory specified by set_vars.sh as CA_DIR. It is your responsibility to distribute this file to those who will need it.
Private keys and requests for certificates also need to be generated. For the service, this can be accomplished using generate_service_key.sh, which creates both the key and the request. For a client, generate_client_key.sh has similar output. The principal difference between the two is the common name attached to the certificate request: "CODEX_Service" for the former and "CODEX_Client" for the latter. generate_cert.sh can then be used to obtain certificates for these from the .req files produced during key generation.
An additional utility, view_cert.sh, allows you to see the contents of a certificate.
Here is a summary of steps:
[ setup CA ]
1) setup_dirs.sh
2) generate_root_cert.sh
[ setup service ]
1) generate_service_key.sh
2) generate_cert.sh service.req
3) view_cert.sh service.pem
[ setup client ]
1) generate_client_key.sh
2) generate_cert.sh client.req
3) view_cert.sh client.pem
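
The last step of each section can also be checked mechanically. The script below is an added example, not one of the scripts in this directory: it confirms that an issued certificate chains to CA.pem, carries the expected common name, and matches its private key. The function names and the key file argument are assumptions, since this file does not name the key files the generation scripts write.

```sh
#!/bin/sh
# Added example, not one of the directory's scripts. Function names and the
# key file argument are assumptions; the README does not name the key files.

# Extract the CN from an `openssl x509 -noout -subject` line. Handles the
# OpenSSL 1.0 form (/C=US/CN=name) and the 1.1+ form (C = US, CN = name).
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|^subject= *||; s|.*CN *= *\([^,/]*\).*|\1|p'
}

# check_cert CA_PEM CERT_PEM EXPECTED_CN [KEY_PEM]
# Returns 0 only if the certificate chains to the CA, carries the expected
# common name and, when a key is given, contains that key's public half.
check_cert() {
    ca=$1; cert=$2; want=$3; key=${4:-}

    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca" >&2; return 1; }

    got=$(subject_cn "$(openssl x509 -in "$cert" -noout -subject)")
    [ "$got" = "$want" ] ||
        { echo "FAIL: $cert has CN '$got', expected '$want'" >&2; return 1; }

    if [ -n "$key" ]; then
        # Compare digests of the two public keys rather than the keys themselves.
        cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
        [ "$cert_pub" = "$key_pub" ] ||
            { echo "FAIL: $key is not the key certified by $cert" >&2; return 1; }
    fi
    echo "OK: $cert chains to $ca with CN '$got'"
}

# Example: sh check_cert.sh "$CA_DIR/CA.pem" service.pem CODEX_Service service.key
if [ "$#" -ge 3 ]; then
    check_cert "$@"
fi
```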
