HOWTO.txt 1.31 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Generating a basic client SSL certificate for testing purposes:

The SSL certificates can be generated using the 'openssl' utility. To partially
automate this task, the 'gen_client_cert.sh' script is provided. This will
issue a new client certificate using the 'CA.pem' as a certification authority.

Note: such certificates are of course not considered trustworthy by common
web browsers and operating systems, they are only suitable for testing.

You can just run the script as follows:
./gen_client_cert.sh <output_filename>

Steps 2 and 3 (creating CSR and signing it) are the only ones that require
a user interaction.

2. Creating CSR:
When requested to enter certificate fields like Country Name or Locality Name,
you can enter any values you want or just use defaults by simply pressing
ENTER key. The only fileld that matters is the 'Email Address', which will be
used as the username by Jetconf server.

Do not enter any 'Challenge password'.

3. Signing CSR:
Enter the following password for test CA private key: ahoj

Now you should have the following files:
output_filename.pem	- the client certificate
output_filename.key - the client private key
output_filename_curl.pem - the combination of previous 2 files containing both
31 32
certificate and key. Some utilities like CURL expect the client certificate
to be in this combined form.