generate key

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

generate key

Michael Ciupka-2
Hello,

I will generate a certificate and a private key for my server (openxcap)
- tls/server.crt
- tls/server.key

i dont know how to generate this files.


regards
michael

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: generate key

Uwe Kastens
Hi Michael,

Try searching for openssl.

http://sial.org/howto/openssl/self-signed/

BR

Uwe

> Hello,
>
> I will generate a certificate and a private key for my server (openxcap)
> - tls/server.crt
> - tls/server.key
>
> i dont know how to generate this files.
>
>
> regards
> michael
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>


--

kiste lat: 54.322684, lon: 10.13586

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: generate key

osiris123d
Be sure to read through the links that you are given so that you have a good understanding, but here are the steps I always take


Now we need to create the TLS certifications and Keys (http://www.imacat.idv.tw/tech/sslcerts.html Read Create a Server Certificate)
openssl genrsa -des3 -out /etc/ssl/private/openxcap.key 2048 <------ Set the password to whatever you want
chmod og-rwx /etc/ssl/private/openxcap.key
openssl req -new -key /etc/ssl/private/openxcap.key -out /tmp/openxcap.req
US
State
City
Home
Home
openxcap01.blahblah.com CA

openssl x509 -req -days 7305 -sha1 \
-extfile /etc/ssl/openssl.cnf -extensions v3_ca \
-signkey /etc/ssl/private/openxcap.key \
-in /tmp/openxcap.req -out /etc/ssl/certs/openxcap.crt

rm -f /tmp/openxcap.req


openssl genrsa -out /etc/openxcap/tls/openxcapserver.key 2048
chmod og-rwx /etc/openxcap/tls/openxcapserver.key
openssl req -new -key /etc/openxcap/tls/openxcapserver.key -out /tmp/openxcapserver.req ********BE SURE NOT TO SET A PASSWORD******
US
State
City
Home
Home
openxcap01.blahblah.com

openssl x509 -req -days 3650 -sha1 \
-extfile /etc/ssl/openssl.cnf -extensions v3_req \
-CA /etc/ssl/certs/openxcap.crt -CAkey /etc/ssl/private/openxcap.key \
-CAserial /etc/ssl/openxcap.srl -CAcreateserial \
-in /tmp/openxcapserver.req -out /etc/openxcap/tls/openxcapserver.crt


openxcap.crt is the key that needs to be given out to the clients (Bria) - Copy it to the desktop, open IE and click on Tools -> Internet Options -> Content Tab -> Certifications Button -> Import -> And select "Automatically select the certificate store based on the type of certificate"
Then configure Bria with the following
Presence Tab - Mode = Presence Agent
Storage Tab - Storage Method = XCAP
Root URL: https://openxcap01.blahblah.com/xcap-root/


Good Luck


On Apr 8, 2009 4:28am, Uwe Kastens <[hidden email]> wrote:

> Hi Michael,
>
>
>
>
>
> Try searching for openssl.
>
>
>
>
>
> http://sial.org/howto/openssl/self-signed/
>
>
>
>
>
> BR
>
>
>
>
>
> Uwe
>
>
> > Hello,
>
>
> >
>
>
> > I will generate a certificate and a private key for my server (openxcap)
>
>
> > - tls/server.crt
>
>
> > - tls/server.key
>
>
> >
>
>
> > i dont know how to generate this files.
>
>
> >
>
>
> >
>
>
> > regards
>
>
> > michael
>
>
> >
>
>
> > _______________________________________________
>
>
> > Users mailing list
>
>
> > [hidden email]
>
>
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> >
>
>
>
>
>
>
>
>
> --
>
>
>
>
>
> kiste lat: 54.322684, lon: 10.13586
>
>
>
>
>
> _______________________________________________
>
>
> Users mailing list
>
>
> [hidden email]
>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users