How to use this API

Published Thu 9 Sep, 15:35 by smalot in Tutorial


Part 2 - Create your own certificate

 

A self-signed certificate is easy to generate and secure enough for a TEST environment. However, due to its lack of uniqueness, using one in a PROD environment is not recommended.

It's important to know that a full certificate is made up of 3 parts:

  • Private KEY
  • Public KEY
  • CA Path

In the case of a self-signed certificate, the CA Path is the certificate itself.

Step 1 - First of all, create the RSA Private KEY (the key file is encrypted with Triple-DES):

server:~# openssl genrsa -des3 -out demo_server.key 1024

Generating RSA private key, 1024 bit long modulus
.....++++++
...................++++++
e is 65537 (0x10001)
Enter pass phrase for demo_server.key:
Verifying - Enter pass phrase for demo_server.key:

 

Step 2 - Generate a CSR (Certificate Signing Request):

server:~# openssl req -new -key demo_server.key -out demo_server.csr
Enter pass phrase for demo_server.key:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:demo.domainname.tld
Email Address []:demo@domainname.tld

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

Step 3 - Generate a Self-Signed Certificate:

This file will be sent to your partner. It is used to validate that signed data comes from you, and to encrypt data so that you are the only one able to decrypt it.

server:~# openssl x509 -req -days 365 -in demo_server.csr -signkey demo_server.key -out demo_server.crt
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=demo.domainname.tld
Getting Private key
Enter pass phrase for demo_server.key:

 

Step 4 - Generate the Container:

This container holds both the private key and the certificate, so it is important to specify a password and keep the file stored in a secure place.

server:~# openssl pkcs12 -export -in demo_server.crt -inkey demo_server.key -out demo_server.pfx -name "demo key"
Enter pass phrase for demo_server.key:
Enter Export Password:
Verifying - Enter Export Password:

Remember the password you typed.
It will be requested in the 'partner setup' section.
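
The four steps above can be checked end to end. The script below is an added example, not part of the original tutorial: it repeats the steps non-interactively, then confirms that the certificate matches the private key, that the certificate is its own CA path, that the key file is stored encrypted, and that the container opens with the export password. The passphrases and function names are constructed for the example, and it assumes a 2048-bit key where the tutorial uses 1024.

```shell
#!/bin/sh
# Added example: steps 1-4 run non-interactively, then verified.
# KEY_PASS and PFX_PASS are constructed sample values, not real secrets.
KEY_PASS='constructed-key-passphrase'
PFX_PASS='constructed-export-password'

# Steps 1-4. Assumption: 2048-bit RSA instead of the tutorial's 1024.
make_demo_cert() {
    dir=$1
    openssl genrsa -des3 -passout "pass:$KEY_PASS" \
        -out "$dir/demo_server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/demo_server.key" -passin "pass:$KEY_PASS" \
        -subj '/CN=demo.domainname.tld' -out "$dir/demo_server.csr" &&
    openssl x509 -req -days 365 -in "$dir/demo_server.csr" \
        -signkey "$dir/demo_server.key" -passin "pass:$KEY_PASS" \
        -out "$dir/demo_server.crt" 2>/dev/null &&
    openssl pkcs12 -export -in "$dir/demo_server.crt" \
        -inkey "$dir/demo_server.key" -passin "pass:$KEY_PASS" \
        -passout "pass:$PFX_PASS" -out "$dir/demo_server.pfx" -name 'demo key'
}

check_demo_cert() {
    dir=$1
    # 1. The certificate carries the public half of this private key.
    key_mod=$(openssl rsa -in "$dir/demo_server.key" \
        -passin "pass:$KEY_PASS" -noout -modulus) || return 1
    crt_mod=$(openssl x509 -in "$dir/demo_server.crt" -noout -modulus) || return 1
    [ "$key_mod" = "$crt_mod" ] || { echo 'key/cert mismatch' >&2; return 1; }
    # 2. Self-signed: issuer equals subject, and the certificate
    #    verifies when used as its own CA file.
    subj=$(openssl x509 -in "$dir/demo_server.crt" -noout -subject_hash) || return 1
    issuer=$(openssl x509 -in "$dir/demo_server.crt" -noout -issuer_hash) || return 1
    [ "$subj" = "$issuer" ] || { echo 'not self-signed' >&2; return 1; }
    openssl verify -CAfile "$dir/demo_server.crt" "$dir/demo_server.crt" \
        >/dev/null 2>&1 || { echo 'self-verification failed' >&2; return 1; }
    # 3. The private key is stored encrypted (PEM header says ENCRYPTED).
    grep -q 'ENCRYPTED' "$dir/demo_server.key" ||
        { echo 'key stored in clear' >&2; return 1; }
    # 4. The container opens with the export password.
    openssl pkcs12 -in "$dir/demo_server.pfx" -passin "pass:$PFX_PASS" \
        -noout 2>/dev/null || { echo 'cannot open container' >&2; return 1; }
}

tmp=$(mktemp -d) && make_demo_cert "$tmp" && check_demo_cert "$tmp" &&
    echo 'all checks passed'
rm -rf "$tmp"
```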
