SSL Codesigning / Certificates general
Thorsten
3 April 2013, 15:00
Hello!
I'm trying to replace my Apache with Hiawatha, but I'm struggling with the certificates. So far, I have created a CA certificate and 3 other certificates which were signed using the CA.
- one for the server
- one for code signing
- one for the client
So far I could get the server part running. But code signing doesn't work so far. Unfortunately Hiawatha seems to use certificates in a different way than Apache and I'm not very used to this topic.
That's the way I have created the certificates so far:
The CA
openssl req -x509 -newkey rsa:2048 -out ca.crt -keyout ca.key -days 365 \
-subj "/C=$CA_COUNTRY/ST=$CA_STATE/L=$CA_LOCATION/O=$CA_ORGANIZATION/CN=$CA_COMMON" \
-passin file:sslpass -passout file:sslpass
The Server:
openssl req -newkey rsa:2048 -keyout server.key -out server.req \
-subj "/C=$SSL_SERVER_COUNTRY/ST=$SSL_SERVER_STATE/L=$SSL_SERVER_LOCATION/O=$SSL_SERVER_ORGANIZATION/CN=$SERVER_COMMON" \
-passin file:sslpass -passout file:sslpass
# SIGN Certificate using CA Certificate
openssl ca -config ca.cnf -in server.req -out server.crt \
-passin file:sslpass -batch
Codesigning and Client are the same but have different filenames.
Then I use them the standard way in Apache. In http.conf:
SSLCACertificateFile __CERTS_PATH__/ca.crt
SSLCertificateFile __CERTS_PATH__/server.crt
SSLCertificateKeyFile __CERTS_PATH__/server.key
Codesigning happens via this command:
openssl cms -sign -binary -noattr \
-certfile ca.crt \
-outform DER \
-signer codesign.crt \
-inkey codesign.key \
-in $HTTP_PATH/filename \
-out $HTTP_PATH/filename.sig
I need the *.crt and *.key files for third party software.
Lastly, I need the files ca.crt \ client.crt \ client.key to build software including the Client certificate.
I tried adding the ca.crt to serverkey.pem (using cat ca.crt >> serverkey.pem)
but without success.
Hope you can help me use these certificates in Hiawatha.
Thank you in advance.
Thorsten
Hiawatha version: 9.0
Operating System: Ubuntu 12.10
Thorsten
3 April 2013, 17:15
Pls delete, I've solved the problems.
It's simply copying and "cating" the crt and key files.
Regards,
Thorsten
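The "copying and cat'ing" fix from the thread, as an added example that is not part of the original posts: it builds one PEM file from the key and certificates, then checks that the key matches the certificate and that the certificate verifies against the CA. The concatenation order (key, server certificate, CA certificate), the throwaway demo PKI, the unencrypted demo keys, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: all names, subjects and paths below are constructed for the demo.

# Throwaway CA + server certificate. Uses "openssl x509 -req" instead of the
# post's "openssl ca -config ca.cnf" (ca.cnf is not shown) and unencrypted keys.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
        -keyout "$d/server.key" -out "$d/server.req" 2>/dev/null &&
    openssl x509 -req -in "$d/server.req" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# build_bundle KEY CERT CA OUT: concatenate into one PEM file, readable only
# by the owner because it contains the private key.
build_bundle() {
    ( umask 077 && cat "$1" "$2" "$3" > "$4" )
}

# check_bundle BUNDLE CA: succeed only if the private key in BUNDLE matches the
# first certificate in it and that certificate verifies against CA.
check_bundle() {
    bundle=$1; ca=$2
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 1
    openssl x509 -in "$bundle" | openssl verify -CAfile "$ca" >/dev/null 2>&1
}

# Demo run in a temporary directory.
tmp=$(mktemp -d) && make_demo_pki "$tmp" &&
build_bundle "$tmp/server.key" "$tmp/server.crt" "$tmp/ca.crt" "$tmp/serverkey.pem" &&
check_bundle "$tmp/serverkey.pem" "$tmp/ca.crt" && echo "bundle OK"
```

Running `check_bundle` before restarting the web server catches the two common mistakes: a key that belongs to a different certificate, and a bundle with no private key in it.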
This topic has been closed.