
The reality and the future of software engineering

Handling Certificates: Private Keys, CSRs, Certificates, PFX/PKCS12 Format

A common issue when integrating components across the boundaries of an organization (or sometimes even within one) is the use of certificates to improve the security of machine-to-machine communication. More specifically, certificates and cryptography can be used to mitigate man-in-the-middle risks as well as to provide a framework for authentication (client-side certificates). In this post, I will use OpenSSL, which is an open source tool, to demonstrate how:
  1. to create a private key
  2. to create and sign a CSR (Certificate Signing Request)
  3. to bundle certificates and private key in PFX/PKCS12 files
The above steps are typically applied when client authentication is performed with a client-side certificate. In a nutshell, the service consumer needs to provide a CSR signed with her private key (either created independently (1), or created along with the CSR (2)). The consumer then sends the CSR to the provider, who typically serves as a CA and creates a certificate for the provided CSR (typically a .crt file). The certificate file is returned to the consumer and is usually bundled with the private key (and probably other certificates in its certificate chain) in a PFX/PKCS12 file (3), so that application servers and runtimes can use them. (In a subsequent post I plan to demonstrate how such certificates can be installed on a Windows machine in order to be used by browsers or custom applications.)
So if you are the service consumer in a similar situation, keep reading.


First of all, a copy of OpenSSL needs to be downloaded and installed. For Linux users, OpenSSL is typically already installed, but if not you can easily download and install it from OpenSSL.org. For Windows users, you can download from here, selecting one of the available choices. Then, you may want to add the path of openssl.exe to your %PATH%. Finally, you can start using it through the command prompt.

1. Creating a Private Key

openssl genrsa -out private.key 2048

2. Creating and Signing a CSR

openssl req -new -sha256 -key private.key -out mycsr.csr

3. Bundling Certificates and Private Key into a PFX/PKCS12 file

openssl pkcs12 -export -out certs.pfx -inkey private.key -in mycert.crt -certfile CA.crt
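
The three steps above run end to end in the script below, which is an added example and not part of the original post. It plays the provider's CA role with a throwaway self-signed CA so it runs offline, and adds the checks worth doing before bundling: the returned certificate must carry the same public key as private.key and must chain to the provider's CA. The subject names, one-day lifetimes, ca.key and the password are constructed for the demo.

```sh
#!/bin/sh
# Added example. Constructed values: demo-client, Demo Provider CA, the
# one-day lifetimes and the password "changeit-demo".

# SHA-256 over the public key carried by a private key, CSR or certificate.
pubkey_hash() {
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl sha256
}

# Runs in a subshell so cd/umask do not leak; prints the number of
# certificates found in the finished PFX.
build_and_check() (
  cd "$1" || exit 1
  umask 077   # private.key, ca.key and certs.pfx readable by owner only

  # Steps 1 and 2, consumer side (-subj avoids the interactive prompts).
  openssl genrsa -out private.key 2048 2>/dev/null || exit 1
  openssl req -new -sha256 -key private.key -out mycsr.csr \
    -subj "/CN=demo-client" || exit 1

  # Provider side, simulated: check the CSR's self-signature, then sign it.
  openssl req -in mycsr.csr -noout -verify 2>&1 | grep -q "verify OK" || exit 2
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -keyout ca.key -out CA.crt -subj "/CN=Demo Provider CA" >/dev/null 2>&1 || exit 1
  openssl x509 -req -sha256 -days 1 -in mycsr.csr -CA CA.crt -CAkey ca.key \
    -CAcreateserial -out mycert.crt >/dev/null 2>&1 || exit 1

  # Consumer side again: the returned certificate must match our key and
  # chain to the provider's CA before anything is bundled.
  [ "$(pubkey_hash key private.key)" = "$(pubkey_hash cert mycert.crt)" ] || exit 3
  [ "$(pubkey_hash csr mycsr.csr)" = "$(pubkey_hash cert mycert.crt)" ] || exit 3
  openssl verify -CAfile CA.crt mycert.crt >/dev/null 2>&1 || exit 4

  # Step 3 (-passout sets the export password without prompting).
  openssl pkcs12 -export -out certs.pfx -inkey private.key -in mycert.crt \
    -certfile CA.crt -passout pass:changeit-demo || exit 5

  # Read the bundle back: expect the client certificate plus the CA's.
  openssl pkcs12 -in certs.pfx -passin pass:changeit-demo -nokeys 2>/dev/null \
    | grep -c "BEGIN CERTIFICATE"
)

build_and_check "$(mktemp -d)"
```

Outside a demo, pass the export password with `-passout env:NAME` or `-passout file:PATH` instead of `pass:`, which keeps it out of the process list and shell history.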
