Changes for page OpenSSL
Last modified by Sebastian Marsching on 2024/01/09 22:18
From version 1.2
edited by Sebastian Marsching
on 2022/04/03 22:18
on 2022/04/03 22:18
Change comment:
Added tag [Network]
To version 3.1
edited by Sebastian Marsching
on 2024/01/09 22:18
on 2024/01/09 22:18
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -7,7 +7,7 @@ 7 7 First we create an RSA key and certificate request for the CA: 8 8 9 9 ```bash 10 -openssl req -out ca.csr -keyout ca.key -newkey rsa:2048 10 +openssl req -out ca.csr -keyout ca.key -newkey rsa:2048 11 11 ``` 12 12 13 13 In the next step, we self-sign this certificate request in order to create the CA certificate: ... ... @@ -54,9 +54,23 @@ 54 54 extendedKeyUsage=clientAuth 55 55 nsCertType=client 56 56 57 +## Using an EC key 58 + 59 +In order to generate an eliptic curve key with the `req` command, a suitable parameters file has to be generated first: 60 + 61 +```bash 62 +openssl genpkey -genparam -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out ec-p-256-params.pem 63 +``` 64 + 65 +Instead of the `P-256` curve, another curve can be chose of course. This parameter file can then be used with the `-newkey` parameter of the `req` command: 66 + 67 +```bash 68 +openssl req -out cert.csr -keyout cert.key -nodes -newkey params:ec-p-256-params.pem -sha256 69 +``` 70 + 57 57 # Importing a Certificate into the Java Keystore 58 58 59 -See [ Programming/Java/Keystore](https://sebastian.marsching.com/wiki/Programming/Java/Keystore).73 +See [[KeyStore|doc:Development.Java.KeyStore.WebHome]]. 60 60 61 61 ### Creating a PKCS#12 file 62 62