Key Points
...
openssl req -x509 -sha256 -outform PEM -days 1000 -out jmason2-crt.pem -new -newkey rsa:2048 -nodes \
    -keyout jmason2-key.pem -passin file:passfile.txt
Generating a RSA private key
...........................................................+++++
.......................................................................................................+++++
writing new private key to 'jmason2-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [MA]:MA
Locality Name (eg, city) []:North Attleboro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Paramount Software Solutions
Organizational Unit Name (eg, section) []:software
Common Name (e.g. server FQDN or YOUR name) []:Jim Mason
Email Address []:.
openssl req options
-outform DER|PEM
This specifies the output format; the options have the same meaning and default as the -inform option.
-in filename
This specifies the input filename to read a request from or standard input if this option is not specified. A request is only read if the creation options (-new and -newkey) are not specified.
-x509
This option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the set_serial option, a large random number will be used for the serial number.
If an existing request is specified with the -in option, it is converted to a self signed certificate; otherwise a new request is created.
OpenSSL simple CA app to sign requests
https://www.openssl.org/docs/man1.1.0/man1/ca.html
Potential Value Opportunities
...
Potential Challenges
Java app accesses web site with invalid certificate
https://www.infopackets.com/news/10023/how-fix-java-expired-or-not-yet-valid-certificate-error
Whenever I try to access my work's website (which uses a Java applet), I receive an error message that says: 'Your security settings have blocked an application with an expired or not-yet-valid certificate from running.' I cannot proceed past that, and am therefore unable to access the website.
Analysis steps
By clicking on the padlock with the (!) warning, the browser reported "Connection not secure"; I then clicked to view "More information" and then on the "View certificate" page, I could clearly see that the HTTPS certificate had in fact expired some time last year. This was the reason that the Java applet was reporting an error and would not proceed.
For Google Chrome try
Edit Settings > Privacy & Security > Web site exceptions > not secure connection = allow
How to Fix Java Expired or not-yet-valid Certificate Error.pdf
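Added example, not part of the original page or the linked article: the openssl req -x509 command from Key Points made non-interactive with -subj (DN values taken from the prompts shown above), plus the validity-window checks that would catch the expired certificate described in the analysis steps before a client does. Function names, file names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function and file names are
# hypothetical; the DN values are the ones typed at the prompts above.

# make_selfsigned DIR DAYS: non-interactive form of the page's command.
make_selfsigned() {
    openssl req -x509 -sha256 -outform PEM -days "$2" \
        -new -newkey rsa:2048 -nodes \
        -subj "/C=US/ST=MA/L=North Attleboro/O=Paramount Software Solutions/OU=software/CN=Jim Mason" \
        -keyout "$1/key.pem" -out "$1/crt.pem" 2>/dev/null || return 1
    chmod 600 "$1/key.pem"   # -nodes leaves the private key unencrypted
}

# cert_window CERT: print notBefore/notAfter. A current time outside this
# window is what produces an "expired or not-yet-valid" error.
cert_window() {
    openssl x509 -in "$1" -noout -startdate -enddate
}

# cert_status CERT SECONDS: "valid" if notAfter is more than SECONDS away,
# otherwise "expiring". -checkend looks only at notAfter, not notBefore.
cert_status() {
    if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
        echo valid
    else
        echo expiring
    fi
}

# is_self_issued CERT: true when subject and issuer names hash the same,
# as they do for the output of "req -x509". Names only; no signature check.
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Demo on a throwaway certificate (constructed here, not the page's files).
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" 1000
cert_window "$demo_dir/crt.pem"
is_self_issued "$demo_dir/crt.pem" && echo "self-issued: yes"
echo "30-day check: $(cert_status "$demo_dir/crt.pem" 2592000)"
rm -rf "$demo_dir"
```

Running cert_status from a scheduled job against each deployed certificate gives advance notice of expiry instead of a blocked applet.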
Candidate Solutions
Step-by-step guide for Example
...