How do I issue SSL Certificate?

Discussion in 'Security Software' started by David Sharman, Sep 11, 2006.

  1. I require a digital signature and private key for uploading onto a
    router/gateway in order to provide ssl connectivity for the web interface of
    the gateway through which users will log on to gain access to the Internet.

    The digital signature has to have a "CRT" extension and the private key
    requires a "KEY" extension. I have been informed by the manufacturer that I
    need a Base64 encoded digital certificate, do I need any other information
    in order to create a valid digital certificate for use on the gateway?

    How can I do this using Windows Server 2003 SP1? Also, should I select Stand
    Alone CA or Enterprise CA when installing Digital Services on the Server
    itself?

    Users of the gateway will log on the gateway from a public LAN and the
    gateway will verify log on details via RADIUS using the Windows 2003 Server
    on a Private Network.

    Thank you for your assistance

    David Sharman
    Regional Computer Services
     
    David Sharman, Sep 11, 2006
    #1
    1. Advertisements

  2. David Sharman

    S. Pidgorny Guest

    Interesting. The thing is that .key/.crt aren't describing general
    convention on encoding cryptomaterial. The gateway vendor name/device model
    would help.

    I assume that the key/cert files are those in OpenSSL sense. I generally
    recommend OpenSSL as the conversion tool of choice.

    You start with enrolling and export it into a PKCS #12 (.p12/.pfx) file.
    Details for that, for example, please find at
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/advcert.mspx

    Then you use OpensSSL for conversions. The commandlines would be something
    like this:

    openssl pkcs12 -clcerts -nokeys -in mypersonalkey.p12 -out mypersonalkey.crt
    openssl pkcs12 -clcerts -nocerts -in mypersonalkey.p12 -out
    mypersonalkey.key

    (copy/paste from
    http://support.globalsign.net/en/serversign/apachemodssl.cfm)

    You can get OpenSSL binaries for Windows here:
    http://www.slproweb.com/products/Win32OpenSSL.html
     
    S. Pidgorny, Sep 11, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.