LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-30-2011, 12:46 PM   #1
Norse
LQ Newbie
 
Registered: Sep 2009
Posts: 5

Rep: Reputation: 0
ssl certificate help


Hey every one I got in a new network appliance and it requires you to generate an ssl certificate for usage with it. This would normally be fine except the network appliance generates its own .csr file and you need to use its .csr file for your cert. This is where i run into problems because usually I would create a key and then use that key to create the .csr file and then use them both to self sign a ssl cert. but i have no idea how to generate a key for a .csr I have only every created a .csr for a key. If any one can understand my rambling a little help or direction would be great. Also I'm using suse to generate my certs.

Thank you,
Norse
 
Old 06-30-2011, 01:13 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
The network appliance must have a pre-installed private key that was used to generate the CSR. (That's very annoying, BTW. I like to be able to use my own private key if I'd like.) Refer to their official documentation for details.

If you're comfortable with that, then send off the CSR and install the cert when you get it back. Done and done.
 
Old 06-30-2011, 02:43 PM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Would this work: using openssl create a certificate authority (private) key and certificate. Then using the CA certificate, "sign" the certificate request (CSR) provided by the appliance with your CA key. This way, when you tell provide your CA key to the web browser, it should recognize the certificate presented by the appliance as valid. The procedure should be really similar to creating a security certificate for a browser and using this to access a page (btw, if you are looking for some how to tutorials, search for that).
 
Old 06-30-2011, 02:49 PM   #4
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,601

Rep: Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570Reputation: 2570
Quote:
Originally Posted by Norse View Post
Hey every one I got in a new network appliance and it requires you to generate an ssl certificate for usage with it. This would normally be fine except the network appliance generates its own .csr file and you need to use its .csr file for your cert. This is where i run into problems because usually I would create a key and then use that key to create the .csr file and then use them both to self sign a ssl cert. but i have no idea how to generate a key for a .csr I have only every created a .csr for a key. If any one can understand my rambling a little help or direction would be great. Also I'm using suse to generate my certs.

Thank you,
Norse
Try this:
Code:
openssl x509 -req -days 365 -in <filename>.csr -signkey <filename>.key -out <filename>.crt
Modify the days value accordingly, the man pages for openssl should help. The .csr is what you'd get from the appliance, the key is the key file you normally use to sign things, and the crt is the result that you'd get and/or use.
 
Old 07-01-2011, 07:11 AM   #5
Norse
LQ Newbie
 
Registered: Sep 2009
Posts: 5

Original Poster
Rep: Reputation: 0
Yea this is so stupid and I definitely will never be getting another one of these things. Here is whats going on as of now the appliance dose not come with its own key as I have been told by the tech who is trying to configure it. it only comes with a .csr, I have tried creating my own key with openssl and then using that and the supplies .csr to sign my own cert but it will not except that. What has been found is that it must be a versign signed key or the appliance will not except it. O and btw the appliance is a citrix access gateway its one big POS! Also this may be of interest to some the only reason we got this for one of out customers is because they wear vnping into there system from home and on the road but they wear using Verizon myfi and when they switched to the 4G version we found the new 4G myfi doesn't support vnp. way to go verizon but this problem has been fixed with the newest version on the myfi when they switched from the Motorola myfi to there new manufacture about 2 weeks ago. so any 4G myfi's older then ~2 weeks dose not support vnp.

Thank You,
Norse
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to import/use CAcert SSL root certificate to use SSL with Xchat IRC client? GrapefruiTgirl Linux - Software 9 04-05-2011 09:54 AM
Apache with SSL does not load the 2nd SSL certificate janstapel Linux - Newbie 1 06-17-2010 09:32 PM
ssl certificate nagavinodh Linux - Newbie 1 11-05-2009 07:43 AM
SSL Certificate The_JinJ Linux - General 1 03-21-2005 11:46 PM
ssl-certificate twantrd Linux - General 1 03-31-2004 08:47 AM


All times are GMT -5. The time now is 09:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration