Key Points

...

openssl req -x509 -sha256 -outform PEM -days 1000 -out jmason2-crt.pem -new -newkey rsa:2048 -nodes \
-keyout jmason2-key.pem -passin file:passfile.txt

Generating a RSA private key
...........................................................+++++
.......................................................................................................+++++
writing new private key to 'jmason2-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [MA]:MA
Locality Name (eg, city) []:North Attleboro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Paramount Software Solutions
Organizational Unit Name (eg, section) []:software
Common Name (e.g. server FQDN or YOUR name) []:Jim Mason
Email Address []:.

openssl req options

-outform DER|PEM

This specifies the output format; the options have the same meaning and default as the -inform option.

-in filename

This specifies the input filename to read a request from, or standard input if this option is not specified. A request is only read if the creation options (-new and -newkey) are not specified.

-x509

This option outputs a self-signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self-signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the -set_serial option, a large random number will be used for the serial number.

If an existing request is specified with the -in option, it is converted to a self-signed certificate; otherwise a new request is created.
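
The two behaviours of -x509 described above, as an added example that is not part of the original page: one function creates a new request and self-signs it in one step, the other converts an existing request with -in. The -subj value reuses the DN answers from the transcript; the function names and file arguments are assumptions.

```sh
# Added example, not from the original page: both paths the -x509 text describes.
# SUBJ reuses the DN answers from the transcript above, so nothing is prompted.
SUBJ='/C=US/ST=MA/L=North Attleboro/O=Paramount Software Solutions/OU=software/CN=Jim Mason'

# Path 1: no -in, so a new key and request are created and self-signed at once.
selfsign_new() {            # $1 = key out, $2 = certificate out
    openssl req -x509 -sha256 -outform PEM -days 1000 -new -newkey rsa:2048 \
        -nodes -subj "$SUBJ" -keyout "$1" -out "$2" 2>/dev/null
}

# Path 2: write a request first, then convert it with -in, signed by its own key.
selfsign_from_csr() {       # $1 = key out, $2 = request out, $3 = certificate out
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$1" -out "$2" 2>/dev/null &&
    openssl req -x509 -sha256 -days 1000 -in "$2" -key "$1" -out "$3" 2>/dev/null
}

# Self-signed: subject equals issuer and the certificate verifies against itself
# (-check_ss_sig makes verify check the self-signature, which it skips by default).
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ] &&
        openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# The converted certificate must carry the public key of the request it came from.
same_pubkey() {             # $1 = request, $2 = certificate
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Demo in a throwaway directory; all files are constructed test material.
demo() {
    d=$(mktemp -d)
    selfsign_new "$d/k1.pem" "$d/c1.pem" && is_self_signed "$d/c1.pem" &&
        echo "path 1: self-signed"
    selfsign_from_csr "$d/k2.pem" "$d/r2.pem" "$d/c2.pem" &&
        is_self_signed "$d/c2.pem" && same_pubkey "$d/r2.pem" "$d/c2.pem" &&
        echo "path 2: self-signed, key matches request"
    rm -rf "$d"
}
demo
```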

OpenSSL simple CA app to sign requests

https://www.openssl.org/docs/man1.1.0/man1/ca.html

openssl.org-ca.pdf

Potential Value Opportunities



Potential Challenges


Java app accesses web site with invalid certificate

https://www.infopackets.com/news/10023/how-fix-java-expired-or-not-yet-valid-certificate-error

Whenever I try to access my work's website (which uses a Java applet), I receive an error message that says: 'Your security settings have blocked an application with an expired or not-yet-valid certificate from running.' I cannot proceed past that, and am therefore unable to access the website.

Analysis steps

By clicking on the padlock with the (!) warning, the browser reported "Connection not secure"; I then clicked to view "More information" and then on the "View certificate" page, I could clearly see that the HTTPS certificate had in fact expired some time last year. This was the reason that the Java applet was reporting an error and would not proceed.

For Google Chrome, try:

Edit Settings > Privacy & Security > Web site exceptions > not secure connection = allow


How to Fix Java Expired or not-yet-valid Certificate Error.pdf
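
The expired / not-yet-valid diagnosis from the analysis steps, done from the command line as an added example (not from the original page or the linked article). It assumes a self-signed certificate file, so the certificate can be verified against itself at a chosen time; the function names and the test CN are hypothetical.

```sh
# Added example, not from the original page: classify a self-signed
# certificate as valid, expired or not-yet-valid at a given point in time.

# cert_status CERT [EPOCH]: verify CERT against itself at EPOCH (default: now).
cert_status() {
    at=${2:-$(date +%s)}
    out=$(openssl verify -attime "$at" -CAfile "$1" "$1" 2>&1)
    case $out in
        *"not yet valid"*) echo not-yet-valid ;;
        *"has expired"*)   echo expired ;;
        *": OK"*)          echo valid ;;
        *)                 echo unverified ;;
    esac
}

# expires_within CERT DAYS: succeeds if CERT expires within DAYS days.
# (-checkend exits 0 when the certificate is still valid after that many seconds.)
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# cert_window CERT: print the notBefore/notAfter dates a browser would show.
cert_window() {
    openssl x509 -in "$1" -noout -startdate -enddate
}

# Demo on a constructed 30-day test certificate.
demo_validity() {
    d=$(mktemp -d)
    openssl req -x509 -sha256 -days 30 -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-test" -keyout "$d/key.pem" -out "$d/crt.pem" 2>/dev/null
    now=$(date +%s)
    cert_window "$d/crt.pem"
    echo "now:        $(cert_status "$d/crt.pem")"
    echo "yesterday:  $(cert_status "$d/crt.pem" $((now - 86400)))"
    echo "in 40 days: $(cert_status "$d/crt.pem" $((now + 40 * 86400)))"
    expires_within "$d/crt.pem" 60 && echo "renew: expires within 60 days"
    rm -rf "$d"
}
demo_validity
```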



Candidate Solutions



Step-by-step guide for Example

...