DRAFT: OpenSSL and who signed what
Written by Michael Felt   

Getting started with OpenSSL and self-signed keys

This is a DRAFT article - LIKE/RT on Twitter to indicate interest (or RT a down vote). Or respond at "draft-articles". Thanks!

a) The one-command way
b) The multi-command way - because you want to make multiple keys, all signed by a common key (i.e. self-CA)

Show how step b) compares when using a "commercial" CA versus a "self-signed" CA.


The one-command way is great for experimentation, where your focus is actually on getting the application configuration right (which file gets connected where) before you go to the expense of actually paying for commercially signed keys.

The "multi-command" way is to go through the steps nearly all tutorials describe as the only way. Because it starts with the creation of your "self-signed CA", the multi-command way creates the "something special" that a commercial CA provides when their signing key is signed by a key included in "rootCA kits".
More on that later.
The second step of this plan is the step you will always do, whether self-signed or commercially signed: generate a certificate request and send the request to a CA for signing (aka verifying the data included in the request).
The third step is either done by yourself (acting as a self-signed Certificate Authority) or by a "commercial" aka "publicly recognized" Certificate Authority (CA). This step is called signing - and the signed result is "sent back" to you.
Step 4: not sure whether to call this a signing step - because it is already signed. Now is the time to actually "just use" the certificate.
In the text to come - the certificate here is compared with the certificate generated "the one-step way".
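
The two routes described above, as an added shell example (not the author's own commands). The subject names, file names, 2048-bit RSA keys, validity periods and unencrypted keys (`-nodes`) are assumptions chosen for experimentation.

```shell
#!/bin/sh
# Added example. Subject names and file names below are constructed for the demo.
set -e

# a) One command: new key plus a certificate signed by that same key.
one_command() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=host.example.test" \
        -keyout "$1/one.key" -out "$1/one.crt" 2>/dev/null
}

# b) Step 1: create the self-signed CA (its certificate is what clients must trust).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Demo Self-Signed CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# b) Step 2: host key plus certificate request; only host.csr goes to the CA.
make_request() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=host.example.test" \
        -keyout "$1/host.key" -out "$1/host.csr" 2>/dev/null
}

# b) Step 3: the CA signs the request and returns host.crt.
sign_request() {
    openssl x509 -req -in "$1/host.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/host.crt" 2>/dev/null
}

# Who signed what: issuer and subject of a certificate, in RFC 2253 form.
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }

# Step 4 check: does certificate $2 chain to the trust anchor $1?
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

work=$(mktemp -d)
one_command "$work"; make_ca "$work"; make_request "$work"; sign_request "$work"
for c in one.crt ca.crt host.crt; do
    echo "$c: subject=$(subject_of "$work/$c") issuer=$(issuer_of "$work/$c")"
done
trusted_by "$work/ca.crt" "$work/host.crt" && echo "host.crt verifies against ca.crt"
trusted_by "$work/ca.crt" "$work/one.crt"  || echo "one.crt does not verify against ca.crt"
```

The one-command certificate names itself as issuer, while `host.crt` names the demo CA, so trusting `ca.crt` once covers every further key that CA signs.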
