start by generating a private key
Then use that private key to generate your request to the CA.
then you send the request.pem to the CA.
they will return a signed certificate.
the x.key file is both the Public key and the Private key.
the signed cert is just the public key with a signed blob of crypto stuff.
Hello all,
I have a bit of trouble working a passwordless SSH from UNIX to Cygwin running windows 2k3. Here are some details. I AM able to SSH from the Windows box to the UNIX box using the keys. Also, I'm able to SSH from UNIX to Windows w/o the keys. However, when I try to do it with the keys... (9 Replies)
Hi everybody,
I need some help on writing a script that is able to remote copy file to one server. I already created this types of scripts, and works ok as long as this server I want to copy from is access through telnet. Here is how I do it:
ftp -n xxx.xxx.xxx.xxx << _EOF_
user user_name... (6 Replies)
hello,
iam able to ssh to a linux server from a linux server called "machine1" using the private/public key method, so I dont need to enter any password when I run my script but iam not able to ssh from machine1 to a UNIX server, access is denied.
note that I am using an application id which is... (6 Replies)
Hi,
I have a doubt..whether the SSL/TLS protocol uses the public key of the web server to encrypt data before sending it.
I knew the browser verifies the public key of the web server using the digital certificate (by verifying the signature of the certificate using trusted authority). whether... (2 Replies)
Hi,
please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in... (1 Reply)
Hi i am using solaris 10.I am trying to setup a public/private key but it is not working.Appreciate your repsonse on it
There are two servers DB1 server and DB2 server.
1)I have generated public/private key using below step on both servers.
ssh-keygen -t rsa
2)From DB1 server moved the... (6 Replies)
Hi,
What tool is used to generate public and private keys for SCP?
Do you have an example script that generates these keys, puts them in files and then another example script that references them from SCP?
Thanks, (9 Replies)
Hi All,
I have a requirement where i need to check if an rsa public key corresponds to a private key and hence return success or failure. Currently i am using the command
diff <( ssh-keygen -y -e -f "$PRIVKEY" ) <( ssh-keygen -y -e -f "$PUBLICKEY" )
and its solving my purpose. This is in... (1 Reply)
Hi,
we have private and public key, encrypt file using public and want to decrypt using private key. can you please advise below commands are correct or other remedy if unix have?
encrypt -a arcfour -k publickey.asc -i TESTFILE.csv -o TESTFILE00.csv
decrypt -a arcfour -k privatekey.asc... (2 Replies)
I have a user account configuration with ssh public/private key that works on multiple servers centos and rhel. One server (Server F) that is not working in centos 6.8. When i ssh into server f I get prompted for a password. I have verified the config and it all is good. I put sshd into debug... (8 Replies)
Discussion started by: bash_in_my_head
8 Replies
LEARN ABOUT DEBIAN
shib-keygen
SHIB-KEYGEN(8) Shibboleth SHIB-KEYGEN(8)NAME
shib-keygen - Generate a key pair for a Shibboleth SP
SYNOPSIS
shib-keygen [-bf] [-e entity-id] [-g group]
[-h hostname] [-o output-dir] [-u user] [-y years]
DESCRIPTION
Generate a self-signed X.509 certificate for a Shibboleth SP. By default, the certificate will be for the local fully-qualified (as
returned by "hostname --fqdn") hostname. An entity ID can be specified with the -e flag. The openssl command-line client is used to
generate the key pair. By default, the public certificate will be created in /etc/shibboleth/sp-cert.pem and the private key in
/etc/shibboleth/sp-key.pem.
OPTIONS -b Suppress all standard error output when creating the certificate. This option is normally only used by the package build.
-e entity-id
Add entity-id (which should be a URI) as an alternative name for the certificate.
-f Remove /etc/shibboleth/sp-cert.pem and /etc/shibboleth/sp-key.pem before generating a new certificate. Without this option, if those
files already exist, shib-keygen prints an error and exits rather than overwriting them.
-g group
After generating the key and certificate, change the group ownership of the key file to this group. By default, the group used is
"_shibd".
-h hostname
Specify the fully-qualified domain name for which to generate a certificate. If this option isn't given, the hostname defaults to the
result of "hostname --fqdn".
-o output-dir
Store sp-cert.pem and sp-key.pem in the directory output-dir rather than the default of /etc/shibboleth.
-u user
After generating the key and certificate, change the ownership of the key file to this user. This is used to allow the key to be read
by a non-root user so that shibd can be run as a non-root user. By default, the key is owned by "_shibd".
-y years
The number of years for which the certificate should be valid. The default expiration time is ten years into the future.
FILES
/etc/shibboleth/sp-cert.cnf
The OpenSSL configuration file used for generating the self-signed certificate. This configuration file is generated when the script
is run and deleted afterwards.
/etc/shibboelth/sp-cert.pem
The default location of the public certificate created by this script.
/etc/shibboleth/sp-key.pem
The default location of the private key for the certificate created by this script.
These three files are stored in the directory given with -o instead, if that option is given.
AUTHOR
This manual page was written by Russ Allbery for Debian GNU/Linux.
COPYRIGHT
Copyright 2008, 2011 Russ Allbery. This manual page is hereby placed into the public domain by its author.
2.4.3 2012-02-16 SHIB-KEYGEN(8)