LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-17-2011, 06:18 AM   #1
bangshws
LQ Newbie
 
Registered: Oct 2011
Posts: 9

Rep: Reputation: Disabled
Can someone explain a bit about these ssl prompts?


Hi guys,
My knowledge about SSL is quite limited except the fact that I know we have a private key and a public key. But I'm not very sure about CA certificate things like that. My question is can you please explain how those things are used in the following :
Quote:
touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts
What is private key, public key and thing like that?

Thanks,
 
Old 10-17-2011, 04:20 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,162

Rep: Reputation: 845Reputation: 845Reputation: 845Reputation: 845Reputation: 845Reputation: 845Reputation: 845
Quote:
Originally Posted by bangshws View Post
Hi guys,
My knowledge about SSL is quite limited except the fact that I know we have a private key and a public key. But I'm not very sure about CA certificate things like that. My question is can you please explain how those things are used in the following :


What is private key, public key and thing like that?
Code:
touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
These 3 steps created a private RSA-style key. Creating the empty file with 600 permission first makes sure there is no time where anybody else could see the key. The private key is just a file that has one interesting property -- from the private key it is easy to generate another file called a public key, but from the public key it is nearly impossible to generate the private key.

The other commands extract the public key from the private key and create a self-signed certificate digest with it. A certificate is just a document that claims certain authority. The only proof that the certificate is valid is that it contains a digest that is signed with a key. Only someone with access to the private key (we hope) could have created that certificate.
Certificates signed by a certificate authority (CA) should be trusted to the same extent that you trust any large corporation.

Normally, both the text of the certificate and the digest are concatenated in the cert file.
For examples, look in /etc/ssl/certs
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Why are there no smp kernels on 64 bit slack? Can someone explain? igadoter Slackware 11 09-03-2010 11:16 AM
LXer: Ubuntu SSL 2048-bit Key LXer Syndicated Linux News 0 03-21-2010 02:11 PM
bit strange ssl requirement pudhiyavan Linux - Server 2 10-23-2008 09:30 AM
(Samba 3.0.20) Vista prompts for username, XP prompts just for password Noffie Linux - Server 2 07-21-2008 10:26 AM
128 bit encryption SSL in Apache jbeiter Linux - Security 2 11-03-2004 09:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration