DRAFT: OpenSSL and who signed what |
|
|
|
Written by Michael Felt
|
Getting started with OpenSSL and self-signed keys
This is a DRAFT article - LIKE/RT on twitter to indicate interest (or RT a down vote). Or - respond at "draft-articles " - Thanks!
a) The one command way
b) the multi-command way - because you want to make multiple keys - all signed by a common key (i.e. self-CA)
Show how step b) compares to using "commercial" CA with using "self-signed" CA.
Introduction
The one-command way is great for experimentation - where your focus is actually on getting the application configuration right - which file gets connected where - before you go into the expense of actually paying for commerically signed keys.
The "multi-command" way is to go through the steps nearly all tutorials described as the only way. This multi-command way, because it starts with the creation of your 'self-signed CA' - is creating the "something special" that a commerical CA provides when their signing key is signed by a key included in 'rootCA kits".
More on that later.
The
second step of this plan is the step you will always do - whether
self-signed, or commercial signed: generate a certificate request and
send the request to a CA for signing (aka verifying the data included in
the request)
The third step is either done by yourself (acting
as a self-signed Certificate Authority) or by a "commercial" aka
"publically recognized" Certificate Authority (CA). This step is called
signing - and the signed result is "sent back" to you.
Step 4:
not sure whether to call this a signing step - because it is already
signed. Now is the time to actually "just use" the certificate.
In the text to come - the certificate here is compared with the certificate generated "the one-step way".
|
|
|
Archive
-
February, 2017
-
July, 2016
-
December, 2015
-
November, 2015
-
October, 2015
-
September, 2015
-
August, 2015
-
July, 2015
-
June, 2015
-
April, 2015
-
March, 2015
-
February, 2015
|