Question

SEED Labs-PKI Lalb 2 Lab Tasks 2.1 Task 1: Becoming a Certificate Authority (CA) A Certificate Authority (CA) is a trusted entity that issues digital certificates. The digital certificate cert fes the ownership of a public key by the named subject of the certificate. A number of commercial CAs are treated as root CAs; VeriSign is the largest CA at the time of writing. Users wbo want to get digital certificates issued by the commercial CAs need to pay those CAs In this lab, we need to creale digital certificates, but we are not going to pay any commercial CA. We will become a root СА ourselves, and then use this CA to issue certificate for others (eg.servers). In this task, we will make ourselves a root CA, and generate a certificate for this CA. Unlike other certificates, which are usually signed by another CA, the root CA's certificates are self-signed. Root CA's certificates are usually pre-loaded into most operating systems, web browsens, and other software that rely on PKI. Root CA's certificates are unconditionally trusted. The Configuration File openssl.conf. In order to use Opensst to creale certificates, you have to have a conliguration ile. The configuration file usually has an extension enf. Itissed by three Opensst commands: ca, req and x509. The manual page of openssl.conf can be found using Google search. You can also get a copy of the configuration file from /asr/lib/ssl/openssl.ent. After copying this tile into your current directery, you need to creale several sub directories as specified in the configuration tile (look at the (CA.default1 section) denoch certs SaLrreexta s where the Issued cri are xops new.derta SdsetnONCOFdetaals place sor: nev:certs OIKEAndex.txtdatabase indexrie For the index.Ext lile, simply create an empty file. For the sersa1 le put a single cmber i string format e.g 1000) 1s the tilc. Once you have set up the configuration file opennal.enf you cas create and issue certificates. Certificate Authority (CAL As we descrabed belore, we need to genérute a self-signed certificale for our CA. This meats dut this CAIs totally trusted, and its certificate will serve as the noot certificate. You can run the folowing command togenerule the self-goed certificate for the CA You will be prompted for information and passwoed. Do not Tose this pass word, because you will have to type the passphrase euch time you want to use this CA to sign certificales for ohen You will aho be asked to fill in some inforeation,uch as the Country Name, Conmon Name, etc. The output of the command are stored in awd iles ca key und da.art. The Iile ca.key contains the CA's private key, while ca.crt comtains the public-key certficute 2.2 Task 2: Creating a Certificate for SEEDPKILab2018.com Now, we become a nxN CA. Wee realy o in digital centificates for our custoosiers Our tirsi cusoener nceds to go through three sdegs

Answer 1

seed [Running) - Oracle VM VirtualBox File Machine View Input Devices Text Editor Help t E )8:11 AM Home Desktop lab2 屳Home serial (-/Desktop/lab2) -gedit Desktop Documents Downloads Open ▼ R Save 1000 dd Music Pictures Videos OD Trash Network Computer Connect to Server Saving file"/home/seed/Desktop/lab2/ser Plain Text ▼ Tab Width: 8 ▼ 1, Col 5 INS し "serial" selected (5 bytes) ENG 5:41 PM ^ U: 176 19/04/2019 2

seed [Running) - Oracle VM VirtualBox File Machine View Input Devices Help Terminal t E )8:15 AM [04/19/19] seed@VM:~/.../lab2$ openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cn Generating a 2048 bit RSA private key writing new private key to 'ca.key' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: Verify failure Enter PEM pass phrase: Verifying - Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter'.', the field will be left blank Country Name (2 letter code) [AU]: S:45 PM 40) ENG 19/04/2019 2 U: 3.5 K

seed [Running) - Oracle VM VirtualBox File Machine View Input Devices Help Terminal Generating a 2048 bit RSA private key writing new private key to 'ca. key" Enter PEM pass phrase: Verifying - Enter PEM pass phrase: Verify failure Enter PEM pass phrase: Verifying - Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter'.', the field will be left blank. Country Name (2 letter code) [AU]:in State or Province Name (full name) [Some -State]:gj Locality Name (eg, city) []:bhuj Organization Name (eg, company) [Internet Widgits Pty Ltd]:abc Organizational Unit Name (eg, section) [] xyz Common Name (e.g. server FQDN or YOUR name) []:a Email Address []:[email protected] [04/19/ 19 ] seed@VM : ~/.../lab25 5:46 PM 40) ENG 19/04/2019 2

Generated certificates with password abcd@1234 keep it complex to avoid error

seed [Running) - Oracle VM VirtualBox File Machine View Input Devices Help lab2 Home Desktop lab2 certs 屳Home Desktop Documents Downloads crl ca.key index.txt openssl.cnf certs private ca.crt dd Music serial O Pictures Videos Trash Network Computer Connect to Server 5:46 PM ^ที่อ 40 ENG 19/04/2019 U: 2.1 K

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)