Using the subject DN’s Common Name for the certificate identity has the disadvantage that only one host name can be specified at a time. If you deploy a certificate on a multi-homed host, however, you might find it is practical to allow the certificate to be used with any of the multi-homed host names. In this case, it is necessary to define a certificate with multiple, alternative identities, and this is only possible using the subjectAltName certificate extension.

For example, if you have a multi-homed host that supports connections to either of the following host names:

Then you can define a subjectAltName that explicitly lists both of these DNS host names. If you generate your certificates using the openssl utility, edit the relevant line of your openssl.cnf configuration file to specify the value of the subjectAltName extension, as follows:

    subjectAltName=DNS:

Where the HTTPS protocol matches the server host name against either of the DNS host names listed in the subjectAltName (the subjectAltName takes precedence over the Common Name).

The HTTPS protocol also supports the wildcard character, *, in host names. For example, you can define the subjectAltName as follows:

This certificate identity matches any three-component host name in the domain .

Copy the sample openssl.cnf from your OpenSSL installation to the X509CA directory.

Edit the openssl.cnf to reflect the directory structure of the X509CA directory, and to identify the files used by the new CA.

Edit the section of the openssl.cnf file to look like the following:

    certs = $dir/certs # Where issued certs are kept
    crl_dir = $dir/crl # Where the issued crl are kept
    database = $dir/index.txt # Database index file
    new_certs_dir = $dir/newcerts # Default place for new certs
    certificate = $dir/ca/new_ca.pem # The CA certificate
    serial = $dir/serial # The current serial number
    private_key = $dir/ca/new_ca_pk.pem # The private key
    x509_extensions = usr_cert # The extensions to add to the cert
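The subjectAltName matching rules described above (several DNS names on one certificate, precedence over the Common Name, and a wildcard that covers a single host-name component) can be written out as a small checker. This is an added example, not code from the original guide; the function names and the example.org / example.net host names are assumptions, and rejecting partial wildcards such as w*.example.org is a conservative choice made here.

```python
"""Added example: HTTPS host-name matching against subjectAltName DNS entries."""


def _label_match(pattern, host):
    """Match one DNS name pattern against a host name, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    for i, (p, h) in enumerate(zip(p_labels, h_labels)):
        if p == "*":
            # Accept the wildcard only as the whole left-most label.
            if i != 0:
                return False
        elif "*" in p or p != h:
            return False
    return True


def https_identity_matches(host, san_dns, common_name=None):
    """Return True if `host` matches the certificate identity.

    san_dns: DNS values taken from the subjectAltName extension.
    common_name: CN of the subject DN, consulted only when the certificate
    carries no subjectAltName DNS entry (the extension takes precedence).
    """
    if san_dns:
        return any(_label_match(name, host) for name in san_dns)
    return common_name is not None and _label_match(common_name, host)


# Constructed sample identities; the host names are placeholders.
MULTI_HOMED = ["www.example.org", "www.example.net"]
WILDCARD = ["*.example.org"]

if __name__ == "__main__":
    for name in ("www.example.org", "www.example.net", "mail.example.org"):
        # CN is ignored here because subjectAltName entries are present.
        print(name, https_identity_matches(name, MULTI_HOMED, "mail.example.org"))
    for name in ("www.example.org", "example.org", "a.b.example.org"):
        print(name, https_identity_matches(name, WILDCARD))
```
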