9 More Discussions You Might Find Interesting
1. What is on Your Mind?
Today, I noticed some errors in our SSL cert renewal log files, mostly related to domains where the IP address had changed. Concerned about this, rebuilt out SSL cert, which normally goes well without a hiccup.
However, for today, for some reason which I cannot explain, there was a PHP error... (0 Replies)
Discussion started by: Neo
0 Replies
2. UNIX for Dummies Questions & Answers
How do I find out the SSL cert info on the local server?
How do I know if an ssl cert is installed on local server?
How it was issued to?
Who was the issuer?
What's the expiration date?
Any other relevant information? (1 Reply)
Discussion started by: scj2012
1 Replies
3. UNIX for Advanced & Expert Users
Hey Guys,
I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies
4. Linux
Hi,
I have a doubt..whether the SSL/TLS protocol uses the public key of the web server to encrypt data before sending it.
I knew the browser verifies the public key of the web server using the digital certificate (by verifying the signature of the certificate using trusted authority). whether... (2 Replies)
Discussion started by: chaitus.28
2 Replies
5. Solaris
How do I generate an SSL string in solaris 10? (3 Replies)
Discussion started by: Kjons76
3 Replies
6. UNIX for Dummies Questions & Answers
Hi everyone,
I have a quick/newb question:
I know that a public key is used to encrypt data and a private key is used to decrypt data but who keeps the public/private keys??
Does the Web Server hold both?
Does the Web Server have the public key and does the client have the private key? ... (3 Replies)
Discussion started by: tical00
3 Replies
7. Shell Programming and Scripting
Hello,
I need assistance with creating a shell script to generate SSL Certificate Requests on remote hosts. Below is my stab at this, but I cannot figure out how to pass the requested arguments into the openssl command correctly. I have a major problem with redirecting the "answers" into the... (2 Replies)
Discussion started by: azvelocat
2 Replies
8. Solaris
We are running Apache 1.3 on solaris 8 we have renewed our ssl key with verisign. They have confirmed renewel and new ssl certifcate is appended to the end of the email.
out apache config file has two directives
SSLCertificateFile /export/home/apache/conf/ssl.crt/xxxx.crt
SSLCertificationKeyFile... (2 Replies)
Discussion started by: Tirmazi
2 Replies
9. HP-UX
Hi there,
After setup my apache server, I have using mkcert.sh file to generate a SSL key. But when I tried to start my apache server it is prompted me to enter the pass phrase password, in fact I had entered the same correct password which I provided during the key generation and it give me the... (0 Replies)
Discussion started by: e_jeffhang
0 Replies
GENKEY(1) Cryptography Utilities GENKEY(1)
NAME
genkey - generate SSL certificates and certificate requests
SYNOPSIS
genkey [--test] [--days count] [[--genreq] | [--makeca] | [--nss] | [--renew] | [--cacert]] {hostname}
DESCRIPTION
genkey is an interactive command-line tool which can be used to generate SSL certificates or Certificate Signing Requests (CSR). Generated
certificates are stored in the directory /etc/pki/tls/certs/, and the corresponding private key in /etc/pki/tls/private/.
When using mod_nss the private key is stored in the nss database. Consult the nss.conf file in /etc/httpd/conf.d/ for the location of the
database.
genkey will prompt for the size of key desired; whether or not to generate a CSR; whether or not an encrypted private key is desired; the
certificate subject DN details.
genkey generates random data for the private key using the truerand library and also by prompting the user for entry of random text.
nss indicates that mod_nss database should be used to store keys and certificates.
OPTIONS
--makeca
Generate a Certificate Authority keypair and certificate.
--genreq
Generate a Certificate Signing Request for an existing private key, which can be submitted to a CA (for example, for renewal).
--renew
Used with --genreq to indicate a renewal, the existing keypair will be used. Certs and keys must reside in the nss database, therefore
--nss is also required. Pem file based cert renewal is not currently supported.
--cacert
The certificate renewal is for a CA, needed for openssl certs only.
--days count
When generating a self-signed certificate, specify that the number of days for which the certificate is valid be count rather than the
default value of 30.
--test
For test purposes only; omit the slow process of generating random data.
EXAMPLES
The following example will create a self-signed certificate and private key for the hostname www.example.com:
# genkey --days 120 www.example.com
The following example will create a self-signed certificate and private key for the hostname www.nssexample.com which will be stored in
cert and key in the nss database. If no nickname is given the tool will extract it from mod_nss's nss configuration file.
# genkey --days --nss 120 www.nssexample.com
The following example will generate a certificate signing request for a new mod_nss style cert specified by its nickname, Server-Cert:
# genkey --genreq --nss --days 120 Server-Cert
The following example will generate a certificate signing request for the renewal of an existing mod_nss cert specified by its nickname,
Server-Cert:
# genkey --genreq --renew --nss --days 120 Server-Cert
FILES
/etc/pki/tls/openssl.cnf
SEE ALSO
certwatch(1), keyrand(1)
crypto-utils 2.4.1 9 June 2014 GENKEY(1)