Eureka OL-8880-01 - Manual
Table of Contents:
- Page 2 – Certificate Generation; Generating Certificates with OpenSSL; The openssl.cnf Configuration File; Server or Client
- Page 3 – shows an example of an openssl.cnf file,
- Page 4 – Required Certificate Extensions; Creating a CA Directory; mkdir ca; Creating a Self-signed CA Root Certificate and RSA Key
- Page 5 – Converting a CA Certificate to PKCS#12; Creating a Client Certificate Request
- Page 6 – Converting a Client Certificate and Private Key to PKCS#12; Certificate Generation with Windows CA
- Page 7 – Generating a Server Certificate; Select Request a Certificate and click Next.
- Page 8 – Select Advanced request and click Next.
- Page 11 – Generating a Client Certificate
- Page 13 – Certificate Retrieval; Click Next to proceed.
- Page 14 – Select the appropriate request from the list and click Next.
- Page 15 – Click Install this certificate to continue.
- Page 16 – Exporting Server and Client Certificates; Navigate to the Certificates dialog box with these steps:
- Page 18 – Select Yes, export the private key and click Next to continue.; Click Next to continue.
- Page 19 – After entering the password, click Next to continue.; After entering the file name, click Next to continue.
- Page 20 – Exporting CA Certificates
- Page 22 – Converting PKCS#12 to PEM; Convert the PKCS#12 file to PEM format using openssl.
WLSE Express AAA Server Certificate Configuration Guide, OL-8880-01
Chapter 2
Generating Certificates
Revised: March 27, 2006, OL-8880-01
Overview
This chapter provides a general overview of the steps involved in generating RSA keys and certificates
without reference to specific tools. Following the overview, the sections Generating Certificates with
OpenSSL and Certificate Generation with Windows CA, page 2-6, provide examples based on OpenSSL and
Windows Certificate Authority.
The actual mechanics of certificate generation are highly dependent on the tools used as well as the local
security policies in effect. Some tools and policies might condense the three steps shown below into
fewer (possibly one) steps or expand them into more steps. The degree of automation and direct user
involvement also varies greatly and can range from a simple web form-based model with automatic
certificate distribution to a more complicated procedure with multiple user interactions. Some CAs are
set up to support online operations including certificate production while others might operate strictly
offline and require more manual involvement.
RSA Key Generation
RSA keys have certain mathematical and cryptographic properties that require special software tools to
generate them. Some tools will ask you to type on the keyboard during generation to create a source of
randomness. This is because RSA keys are based on large random numbers.
RSA key pairs have two essential parameters that must be specified during creation. The first parameter
is the key type, which is always RSA. The second parameter is the key length in bits, which can vary from
512 to 4096 bits (or even more). The key length is usually specified as part of the customer's security
policy, and it is difficult to give a generally applicable recommendation for it.
Certificate Request Creation
A Certificate Request (CR) is information packaged with the public key that specifies the type and
general content of the desired certificate. It is usually packaged in a format based on PKCS#10 (one of
the PKCS standards documented by RFC 2986) or Certificate Request Message Format (CRMF), an
emerging standard from the IETF. The format of the CR is usually not important as long as the tools used
to create and process it are compatible.
Summary
Page 2-2 (Generating Certificates with OpenSSL): The CR usually contains the following:
• An RSA key-pair
• Subject name (possibly in DN format)
• Desired lifetime of the certificate
• Name or identification...
Page 2-3 (Generating Certificates with OpenSSL):
export OPENSSL_CONF=/opts/open/openssl.cnf
• Specifying the -config option on the command line
openssl <additional parameters> -config ./openssl.cnf
The ...
Page 2-4 (Generating Certificates with OpenSSL): Required Certificate Extensions
PEAP and EAP-TLS require server certificates to include an extendedKeyUsage extension of TLS Server Authentication and client ...
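Added example (not part of the Cisco guide): the RSA key generation and certificate request steps from the overview, run with the openssl command-line tool and the -config option mentioned in the summary, followed by checks worth running on the request before it goes to the CA. The file names, the host name aaa.example.test and the 2048-bit minimum are assumptions.

```shell
#!/bin/sh
# Added example; file names, CN and the 2048-bit minimum are assumptions.
set -eu

# make_csr DIR BITS CN: RSA key pair plus PKCS#10 request, driven by -config.
make_csr() {
    cat > "$1/openssl.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $3
[ v3_req ]
extendedKeyUsage = serverAuth
EOF
    # Subshell keeps the restrictive umask local; the key is owner-only.
    ( umask 077; openssl genrsa -out "$1/server.key" "$2" 2>/dev/null )
    openssl req -new -config "$1/openssl.cnf" \
        -key "$1/server.key" -out "$1/server.csr"
}

# csr_key_bits FILE: print the modulus size recorded in the request.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_signature_ok FILE: the request is self-signed with its private key.
# Match the message; older openssl exits 0 even when verification fails.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_requests_server_auth FILE: TLS Server Authentication EKU requested.
csr_requests_server_auth() {
    openssl req -in "$1" -noout -text | grep -q 'TLS Web Server Authentication'
}

# csr_acceptable FILE MINBITS: checks to run before submitting to the CA.
csr_acceptable() {
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$2" ] &&
        csr_signature_ok "$1" && csr_requests_server_auth "$1"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_csr "$workdir" 2048 aaa.example.test   # constructed host name
csr_acceptable "$workdir/server.csr" 2048 && echo "request OK"
```

The extensions in a request are only a request: whether the issued certificate carries extendedKeyUsage depends on the CA's own policy, so the same check should be repeated on the certificate that comes back.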