Configuring and Managing MPE/iX Internet Services (August 2002)

ManualsBrandsHP ManualsSoftwareMPE/iX 7.0 Operating System

151

152

153

154

155

156

157

158

159

160

Chapter 9

HP WebWise MPE/iX Secure Web Server

Server Keys and Certificates

156

Organizational Unit Name (eg, section) []:My Company CA

Common Name (eg, YOUR name) []:Certificate Authority

Email Address []:ca@mycompany.com

5. $ openssl x509 -noout -text -in ca.crt (displays the details of your newly created CA certificate)

Certificate:

Data:

Version: 3 (0x2)

Serial Number: 0 (0x0)

Signature Algorithm: md5WithRSAEncryption

Issuer: C=US, ST=My State, L=My City, O=My Company, OU=My Company CA, CN=Certificate

Authority/Email=ca@mycompany.com

Validity

Not Before: Apr 13 18:29:50 2000 GMT

Not After : Apr 13 18:29:50 2001 GMT

Subject: C=US, ST=My State, L=My City, O=My Company, OU=My Company CA, CN=Certificate

Authority/Email=ca@mycompany.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public Key: (1024 bit)

Modulus (1024 bit):

00:a8:f9:f5:38:07:dd:6b:84:51:a6:34:43:15:fa:

ae:3c:08:24:dc:60:6d:ea:e4:ab:8d:13:f3:bb:48:

b9:e9:eb:e9:a7:74:58:87:4b:10:4b:a1:09:c0:c4:

7b:88:5e:9c:14:7b:da:bd:9f:5f:d2:b9:19:51:f0:

c3:a4:43:10:ec:13:6a:f9:72:25:e2:fe:6e:57:67:

0d:7a:dc:3f:a5:63:d2:d2:32:69:f3:d2:6d:1b:f3:

70:06:70:28:eb:a8:9f:06:ad:f1:ab:a3:30:db:a7:

54:37:f7:75:85:90:26:d0:28:e8:f6:d6:65:93:82:

ef:02:88:f4:c7:0b:91:1f:35

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Subject Key Identifier:

89:B4:C8:ED:17:82:61:39:C5:1D:9F:E9:12:73:75:C8:31:EA:DF:33

X509v3 Authority Key Identifier:

keyid:89:B4:C8:ED:17:82:61:39:C5:1D:9F:E9:12:73:75:C8:31:EA:DF:33

DirName:/C=US/ST=My State/L=My City/O=My Company/OU=My Company CA/CN=Certificate

Authority/Email=ca@mycompany.com

serial:00

X509v3 Basic Constraints:

CA:TRUE

Signature Algorithm: md5WithRSAEncryption

a7:3d:21:6a:b8:bf:f2:67:01:81:e6:05:56:89:8a:21:ab:bf:

d5:43:48:ad:06:af:51:66:2a:02:77:ba:30:41:57:26:a5:7c:

eb:00:a0:77:bf:b8:2b:03:91:59:92:1c:0b:8d:fc:16:27:c1:

75:d3:90:1c:fd:de:9b:21:e1:34:27:2c:1c:4c:36:9c:7a:5f:

16:bf:df:66:85:43:35:9e:b2:e8:2d:04:08:af:b1:60:84:3f:

3e:5f:67:2b:38:75:38:2d:58:28:36:a2:56:19:fb:b3:66:d2:

fd:8e:b9:30:02:5d:43:f9:57:bb:1f:b9:40:5d:32:b3:c0:4c:

ba:dd

6. $ chmod 400 ca.key ca.crt

Then sign your CSR with your CA certificate and move all files to their correct secure locations:

1. $ sign.sh ../ssl.csr/server.csr

CA signing: ../ssl.csr/server.csr -> ../ssl.csr/server.crt:

Using configuration from ca.config

Enter PEM pass phrase:********

Check that the request matches the signature

Signature ok

The Subjects Distinguished Name is as follows

countryName :PRINTABLE:’US’

stateOrProvinceName :PRINTABLE:’My State’

localityName :PRINTABLE:’My City’

organizationName :PRINTABLE:’My Company’

organizationalUnitName:PRINTABLE:’My Org’

commonName :PRINTABLE:’www.mycompany.com’