LinuxQuestions.org


Norse 06-30-2011 12:46 PM

ssl certificate help
 
Hey everyone, I got in a new network appliance and it requires you to generate an SSL certificate for usage with it. This would normally be fine, except the network appliance generates its own .csr file and you need to use its .csr file for your cert. This is where I run into problems, because usually I would create a key and then use that key to create the .csr file and then use them both to self-sign an SSL cert, but I have no idea how to generate a key for a .csr; I have only ever created a .csr for a key. If anyone can understand my rambling, a little help or direction would be great. Also, I'm using SUSE to generate my certs.

Thank you,
Norse

anomie 06-30-2011 01:13 PM

The network appliance must have a pre-installed private key that was used to generate the CSR. (That's very annoying, BTW. I like to be able to use my own private key if I'd like.) Refer to their official documentation for details.

If you're comfortable with that, then send off the CSR and install the cert when you get it back. Done and done.

Noway2 06-30-2011 02:43 PM

Would this work: using openssl, create a certificate authority (private) key and certificate. Then, using the CA certificate, "sign" the certificate request (CSR) provided by the appliance with your CA key. This way, when you provide your CA key to the web browser, it should recognize the certificate presented by the appliance as valid. The procedure should be really similar to creating a security certificate for a browser and using this to access a page (BTW, if you are looking for some how-to tutorials, search for that).

TB0ne 06-30-2011 02:49 PM

Quote:

Originally Posted by Norse (Post 4400505)
Hey everyone, I got in a new network appliance and it requires you to generate an SSL certificate for usage with it. This would normally be fine, except the network appliance generates its own .csr file and you need to use its .csr file for your cert. This is where I run into problems, because usually I would create a key and then use that key to create the .csr file and then use them both to self-sign an SSL cert, but I have no idea how to generate a key for a .csr; I have only ever created a .csr for a key. If anyone can understand my rambling, a little help or direction would be great. Also, I'm using SUSE to generate my certs.

Thank you,
Norse

Try this:
Code:

openssl x509 -req -days 365 -in <filename>.csr -signkey <filename>.key -out <filename>.crt

Modify the days value accordingly; the man pages for openssl should help. The .csr is what you'd get from the appliance, the key is the key file you normally use to sign things, and the crt is the result that you'd get and/or use.
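
Added example (not from any poster in this thread): the private-CA signing from Noway2's post and the `-signkey` command from TB0ne's post, both run against a constructed stand-in for the appliance's CSR, comparing the public key each resulting certificate carries. The file names, subject names and the locally generated "appliance" key are assumptions made so the script runs offline.

```shell
#!/bin/sh
# Added example. Every file and subject name here is a constructed placeholder.
set -eu
WORK=$(mktemp -d)

# SHA-256 of the public key inside a CSR ($1=req) or certificate ($1=x509).
pubkey_hash() {
    openssl "$1" -in "$2" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# Stand-in for the appliance: it keeps appliance.key and exports only the CSR.
make_appliance_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gateway.example.test" \
        -keyout "$WORK/appliance.key" -out "$WORK/appliance.csr" 2>/dev/null
}

# Private CA: a key plus a self-signed CA certificate that clients import.
make_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example Private CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# CA signing: the issued certificate carries the public key from the CSR.
sign_with_ca() {
    openssl x509 -req -days 365 -sha256 -in "$WORK/appliance.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/ca-signed.crt" 2>/dev/null
}

# -signkey with a key generated elsewhere: openssl self-signs and places
# that key's public half in the certificate instead of the CSR's.
sign_with_unrelated_key() {
    openssl genrsa -out "$WORK/other.key" 2048 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/appliance.csr" \
        -signkey "$WORK/other.key" -out "$WORK/self-signed.crt" 2>/dev/null
}

# The appliance can only use a certificate whose public key matches its CSR.
cert_matches_csr() {
    [ "$(pubkey_hash req "$WORK/appliance.csr")" = "$(pubkey_hash x509 "$1")" ]
}
cert_chains_to_ca() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

make_appliance_csr; make_ca; sign_with_ca; sign_with_unrelated_key
for c in ca-signed self-signed; do
    cert_matches_csr "$WORK/$c.crt" && r=yes || r=no
    echo "$c.crt carries the CSR's public key: $r"
done
```

Running the same `pubkey_hash` comparison on a real appliance CSR and the certificate returned for it is a quick check before attempting the install.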

Norse 07-01-2011 07:11 AM

Yeah, this is so stupid and I definitely will never be getting another one of these things. Here is what's going on as of now: the appliance does not come with its own key, as I have been told by the tech who is trying to configure it. It only comes with a .csr. I have tried creating my own key with openssl and then using that and the supplied .csr to sign my own cert, but it will not accept that. What has been found is that it must be a VeriSign signed key or the appliance will not accept it. Oh, and BTW, the appliance is a Citrix Access Gateway; it's one big POS! Also, this may be of interest to some: the only reason we got this for one of our customers is because they were VPNing into their system from home and on the road, but they were using Verizon MiFi, and when they switched to the 4G version we found the new 4G MiFi doesn't support VPN. Way to go, Verizon, but this problem has been fixed with the newest version of the MiFi when they switched from the Motorola MiFi to their new manufacturer about 2 weeks ago. So any 4G MiFis older than ~2 weeks do not support VPN.

Thank You,
Norse

