creating a PKCS12 certificate file
prerequisites
This assumes you are running a reasonable operating system which has openssl installed. This probably does not include Windows.
generating a private key and certificate request
Run the following command and provide reasonable answers to the questions it asks you:
```
[dkg@squeak cal]$ openssl req -newkey rsa:2048 -keyout cal-key.pem -out cal-req.pem
Generating a 2048 bit RSA private key
.......................................................................................................................................................+++
...........+++
writing new private key to 'cal-key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Columbia University Astrophysics Laboratory
Organizational Unit Name (eg, section) []:People
Common Name (eg, YOUR name) []:Daniel Kahn Gillmor
Email Address []:foo@bar.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[dkg@squeak cal]$
```
Now send the system administrator a copy of the new certificate request you just created, cal-req.pem, along with an explanation of why you should have an account. Send only the request; keep the private key cal-key.pem to yourself. You're not done yet! All you've created so far is a key and a certificate request. The system administrator still needs to provide you with a full-fledged certificate.
creating the PKCS12 from the generated certificate
After receiving and verifying your certificate request, the system administrator will send you a file called cal-cert.pem. You should now run the following command:
```
[dkg@squeak cal]$ openssl pkcs12 -export -in cal-cert.pem -inkey cal-key.pem -out cal-cert.p12 -name "My CAL Certificate"
Enter pass phrase for cal-key.pem:
Enter Export Password:
Verifying - Enter Export Password:
[dkg@squeak cal]$
```
Now you have cal-cert.p12, which you should be able to load into your favorite web browser.
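Before importing the file, it is worth confirming that cal-cert.pem really carries the public key of cal-key.pem and that cal-cert.p12 opens with the export password. The script below is an added example, not part of the original page; the function names are hypothetical, and the self-signed certificate, the second key and the password are constructed stand-ins so that it runs offline.

```shell
#!/bin/sh
# Added example. File names follow the page; the throwaway key, the self-signed
# certificate and the password used in demo() are constructed for illustration.

# Succeeds only if the certificate carries the public key of the private key.
cert_matches_key() {    # usage: cert_matches_key CERT.pem KEY.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    # openssl prompts for the pass phrase here if the key file is encrypted.
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the PKCS12 file's integrity check passes with PASSWORD.
p12_opens() {           # usage: p12_opens FILE.p12 PASSWORD
    openssl pkcs12 -in "$1" -noout -passin "pass:$2" >/dev/null 2>&1
}

# Offline walk-through with constructed data; prints one word per check.
demo() {
    dir=$(mktemp -d) || return 1
    # Stand-in for your key and the certificate the administrator sends back.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test User" \
        -keyout "$dir/cal-key.pem" -out "$dir/cal-cert.pem" 2>/dev/null || return 1
    # An unrelated key, as if the wrong key file had been picked up.
    openssl genrsa -out "$dir/other-key.pem" 2048 2>/dev/null || return 1

    cert_matches_key "$dir/cal-cert.pem" "$dir/cal-key.pem" \
        && echo match || echo mismatch
    cert_matches_key "$dir/cal-cert.pem" "$dir/other-key.pem" \
        && echo match || echo mismatch

    # In real use leave out -passout so the password is typed at the prompt
    # and does not show up in the process list or shell history.
    openssl pkcs12 -export -in "$dir/cal-cert.pem" -inkey "$dir/cal-key.pem" \
        -out "$dir/cal-cert.p12" -name "My CAL Certificate" \
        -passout pass:constructed-export-pw || return 1
    p12_opens "$dir/cal-cert.p12" constructed-export-pw \
        && echo opens || echo refused
    p12_opens "$dir/cal-cert.p12" wrong-password \
        && echo opens || echo refused
    rm -rf "$dir"
}

# Run the walk-through only when asked to: sh <this-script> demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

With your real files, `cert_matches_key cal-cert.pem cal-key.pem` should succeed before you run the export step; a mismatch means the certificate was issued for a different key.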
putting the certificate in different web browsers
configuring Mozilla
Under Mozilla, choose "Edit|Preferences", then select "Privacy and Security" in the left-hand pane, and choose "Certificates" from the sub-menu.
Click "Manage Certificates", ensure that the "Your Certificates" tab is active, and choose "import". Point Mozilla at cal-cert.p12, and give it the password you gave in the "Export Password" step above. Mozilla should now know how to identify you to the server.
configuring Firefox
Under Firefox, choose "Edit", "Preferences", then under "Advanced", expand the "Certificates" section. Click "Manage Certificates". Ensure that the "Your Certificates" tab is active, and choose "import". Point Firefox at cal-cert.p12, and give it the password you gave in the "Export Password" step above. Firefox should now know how to identify you to the server.
