SEED Labs - PKI Lab

2 Lab Tasks

2.1 Task 1: Becoming a Certificate Authority (CA)

A Certificate Authority (CA) is a trusted entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. A number of commercial CAs are treated as root CAs; VeriSign is the largest CA at the time of writing. Users who want to get digital certificates issued by the commercial CAs need to pay those CAs.

In this lab, we need to create digital certificates, but we are not going to pay any commercial CA. We will become a root CA ourselves, and then use this CA to issue certificates for others (e.g. servers). In this task, we will make ourselves a root CA, and generate a certificate for this CA. Unlike other certificates, which are usually signed by another CA, the root CA's certificates are self-signed. Root CA's certificates are usually pre-loaded into most operating systems, web browsers, and other software that rely on PKI. Root CA's certificates are unconditionally trusted.

The Configuration File openssl.conf. In order to use OpenSSL to create certificates, you have to have a configuration file. The configuration file usually has an extension .cnf. It is used by three OpenSSL commands: ca, req and x509. The manual page of openssl.conf can be found using Google search. You can also get a copy of the configuration file from /usr/lib/ssl/openssl.cnf. After copying this file into your current directory, you need to create several sub-directories as specified in the configuration file (look at the [CA_default] section):

    dir           = ./demoCA
    certs         = $dir/certs
    crl_dir       = $dir/crl        # Where the issued crl are kept
    new_certs_dir = $dir/newcerts   # default place for new certs.
    database      = $dir/index.txt  # database index file.

For the index.txt file, simply create an empty file. For the serial file, put a single number in string format (e.g. 1000) in the file. Once you have set up the configuration file openssl.cnf, you can create and issue certificates.
Certificate Authority (CA). As we described before, we need to generate a self-signed certificate for our CA. This means that this CA is totally trusted, and its certificate will serve as the root certificate. You can run the following command to generate the self-signed certificate for the CA:

You will be prompted for information and a password. Do not lose this password, because you will have to type the passphrase each time you want to use this CA to sign certificates for others. You will also be asked to fill in some information, such as the Country Name, Common Name, etc. The output of the command is stored in two files: ca.key and ca.crt. The file ca.key contains the CA's private key, while ca.crt contains the public-key certificate.

2.2 Task 2: Creating a Certificate for SEEDPKILab2018.com

Now, we become a root CA. We are ready to sign digital certificates for our customers. Our first customer needs to go through three steps
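The Task 1 setup (directory layout, index.txt, serial, then the self-signed CA certificate) can be run non-interactively and checked as follows. This is an added example, not a command from the lab handout. It assumes a trimmed stand-in for openssl.cnf, a constructed subject and passphrase, and hypothetical helper names (setup_ca, make_root_ca, is_self_signed, is_ca_cert, key_is_encrypted).

```sh
# Added example: Task 1 run non-interactively. Subject fields and the
# passphrase are constructed lab values, not values from the lab handout.
set -eu

setup_ca() {                       # $1 = working directory
    mkdir -p "$1/demoCA/certs" "$1/demoCA/crl" "$1/demoCA/newcerts"
    chmod 700 "$1/demoCA"
    : > "$1/demoCA/index.txt"      # empty database index file
    echo 1000 > "$1/demoCA/serial" # a single number in string format
    # Assumption: a trimmed stand-in for the copied openssl.cnf.
    cat > "$1/openssl.cnf" <<'EOF'
[ CA_default ]
dir           = ./demoCA
certs         = $dir/certs
crl_dir       = $dir/crl
new_certs_dir = $dir/newcerts
database      = $dir/index.txt
serial        = $dir/serial
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
}

make_root_ca() {                   # $1 = working directory, $2 = passphrase
    ( cd "$1" && CA_PASS=$2 openssl req -new -x509 -newkey rsa:2048 \
        -keyout ca.key -out ca.crt -config openssl.cnf -days 365 \
        -subj "/C=US/O=Example Lab/CN=Example Lab Root CA" \
        -passout env:CA_PASS ) 2>/dev/null
    chmod 600 "$1/ca.key"          # the CA private key stays owner-only
}

is_self_signed() {                 # issuer == subject, signature verifies under own key
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}
is_ca_cert()       { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

demo=$(mktemp -d)
setup_ca "$demo"
make_root_ca "$demo" 'constructed-lab-passphrase'
is_self_signed "$demo/ca.crt" && is_ca_cert "$demo/ca.crt" && echo "root CA ready: $demo"
```

The passphrase is passed through an environment variable only so the example runs unattended; in the lab, leaving out -subj and -passout gives the interactive prompts the text describes.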