summaryrefslogtreecommitdiff
path: root/tests/aleksey-xmldsig-01/README
diff options
context:
space:
mode:
Diffstat (limited to 'tests/aleksey-xmldsig-01/README')
-rw-r--r--tests/aleksey-xmldsig-01/README47
1 files changed, 47 insertions, 0 deletions
diff --git a/tests/aleksey-xmldsig-01/README b/tests/aleksey-xmldsig-01/README
new file mode 100644
index 00000000..7b12f7b3
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/README
@@ -0,0 +1,47 @@
+README
+http://groups.google.com/groups?hl=en&threadm=9jlbt7%243141%241%40FreeBSD.csie.NCTU.edu.tw&rnum=20&prev=/groups%3Fq%3Dopenssl%2Bx509%2Bcertificates%2Bchain%26start%3D10%26hl%3Den%26selm%3D9jlbt7%25243141%25241%2540FreeBSD.csie.NCTU.edu.tw%26rnum%3D20
+http://www.post1.com/home/ngps/m2/howto.ca.html
+
+
+Commands:
+
+(0) create new CA and modify the openssl.cnf file
+to point to it
+
+> CA.pl -newca
+
+(1) a self-signed des3 root ca cert, using
+
+> openssl genrsa -des3 -out ca.key
+> openssl req -new -key ca.key -out ca.csr
+> openssl x509 -req -signkey ca.key -out ca.crt -in ca.csr
+
+verify ca.crt
+
+> openssl x509 -text -in ca.crt
+
+(2) a second ca cert, signed by the first ca, using
+
+> openssl genrsa -des3 -out ca2.key
+> openssl req -new -key ca2.key -out ca2.csr
+> openssl ca -cert ca.crt -keyfile ca.key -out ca2.crt -infiles ca2.csr
+
+verify ca2.crt
+
+> openssl x509 -text -in ca2.crt
+> openssl verify -CAfile ca.crt ca2.crt
+
+
+(3) a user cert using
+
+> openssl genrsa -des3 -out user.key
+> openssl req -new -key user.key -out user.csr
+> openssl ca -cert ca2.crt -keyfile ca2.key -out user.crt -infiles user.csr
+
+
+verify user.crt
+
+> openssl x509 -text -in ca3.crt
+> openssl verify -CAfile ca.crt -untrusted ca2.crt user.crt
+
+