[Lab 5.1] Certificate generation This lab shows an example of generating a certificate and have it...
Fantastic news! We've Found the answer you've been seeking!
Question:
Transcribed Image Text:
[Lab 5.1] Certificate generation This lab shows an example of generating a certificate and have it signed by a CA. In this instance we will not submit it to a commercial CA, we will play the role of the CA as well. The lab has 4 main steps: 1. Generate CA private key and certificate 2. Generate Web server's private key and Certificate Signature Request (CSR) 3. Sign the Web server's certificate request 4. Verify the certificate Lab helpful information: If openssl is not installed, the system will diplay the command to install it. You will need to install openssl if not already installed For information about openssl command: General information: man openssl or more openssl. Command specific help is provided for each subcommand, for example, for the openssl req command: man openssl-req or more openssl-req 1. Generate a private key. We will use the openssl utility. Information about it can be obtained from the man page for openssl, Use the command man openss! to display. You can find a copy of the man page in the Lab folder. issue the commands: sudo -i. This command will allow you to issue root level commands without repeatedly enter the sudo command and being prompted for a password each time. openssl version, to verify that openssl is installed and note the version number. openssl req -x509 -newkey rsa:4096 -days 365 -keyout ca-key.pem -out ca-cert.pem Explanation of qualifiers: -x509 to request a self signed certificate -newkey rsa:4096 Creates a new RSA private key of 4096 bits -days 365 How many days the certificate is valid -keyout ca-key.pem to create a private key named ca-key.pem -out ca-cert.pem to redirect the output into a file named ca-cert.pem instructor@instructor-VirtualBox:~$ [sudo] password for instructor: root@instructor-VirtualBox:~# OpenSSL 1.1.1f 31 Mar 2020 root@instructor-VirtualBox:~# 365 -keyout ca-key.pem -out ca-cert.pem Generating a RSA private key sudo -i openssl version openssl req -x509 -newkey rsa: 4096 -days writing new private key to 'ca-key.pem' Enter PEM pass phrase: Make sure you remember the pass phrase you entered. The path phrase can be any string of characters. The tool will prompt you for information, starting with the PEM pass phrase, used for encryption. Make a note of all your answers, you will need them in later steps: Country code US State NY Organization QCC Unit ET725 Common name (you can use your name here or anything else) Email (somename@dummy.edu) NOTE: Use your own values instead of Instructor, organization, email. If you actually plan to use the certificate, you will need to provide accurate information Issue an Is command to verify the creation of the two files: ca-cert.pem and ca-key.pem writing new private key to 'ca-key.pem' Enter PEM pass phrase: Verifying Enter PEM pass phrase: You are about to be asked to enter information that will be incorpo rated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]: NY Locality Name (eg, city) []: New York Organization Name (eg, company) [Internet Widgits Pty Ltd]:QCC Organizational Unit Name (eg, section) []:ET725 Common Name (e.g. server FQDN or YOUR name) []: Instructor QCC Email Address []:instructor@bogus.edu root@instructor - VirtualBox:~# ls ca-cert.pem ca-key.pem snap root@instructor-VirtualBox:~# You can display the content of each file using the cat command: cat ca-key.pem cat ca-cert.pem Note which one is encrypted. You can use the following command to view the actual content, not the hex numbers: openssl x509 -in ca-cert.pem -noout -text to display the content of the certificate. 2. We will generate the key and the Certificate signature request (CSR) The name of the output key should be server-key.pem. The output certificate request file should be server-req.pem, And the subject should contain our web server's information. NOTES: Use your own values instead of Instructor, organization, email. root@instructor-VirtualBox:~# root@instructor - VirtualBox:~# openssl req -newkey rsa: 4096 -keyout server-key.pem -out server-req.pem Generating a RSA private key ++++ writing new private key to 'server-key.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: You are about to be asked to enter information that will be incorpo rated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]: NY Locality Name (eg, city) []: New York Organization Name (eg, company) [Internet Widgits Pty Ltd]: Home Organizational Unit Name (eg, section) []: Laptop Common Name (e.g. server FQDN or YOUR name) []: Instructor Home Email Address []:instructor@mail.bogus.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: 3. Sign the Web certificate root@instructor root@instructor - VirtualBox:~# - VirtualBox:~# openssl x509 -req -in server-req.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert. pem Signature ok subject=C = US, ST = NY, L = New York, 0 = Home, OU = Laptop, CN = Instructor Home, emailAddress = instructor@mail.bogus.com Getting CA Private Key Enter pass phrase for ca-key.pem: root@instructor -VirtualBox:~# 4. Verify the certificate root@ubuntu:~# openssl verify -CAfile ca-cert.pem server-cert.pem server-cert.pem: OK root@ubuntu:~# Q1: Which signature algorithm is used for the private key and the public key (hint: look at the information resulting from the display of the keys, done in the lab) Q2: How did you determine which key is encrypted Q3: What is the expiration date of the certificate Q4: Consider the command issued earlier in the lab: openssl req -x509 -newkey rsa:4096 -days 365 -keyout ca-key.pem -out ca-cert.pem Using the man pages explain each of the parameters used in the command Q5: Write a short paragraph explaining what you did in this lab. Use concepts such self- signing, certificate authority, Certificate Signature request, openssl. [Lab 5.1] Certificate generation This lab shows an example of generating a certificate and have it signed by a CA. In this instance we will not submit it to a commercial CA, we will play the role of the CA as well. The lab has 4 main steps: 1. Generate CA private key and certificate 2. Generate Web server's private key and Certificate Signature Request (CSR) 3. Sign the Web server's certificate request 4. Verify the certificate Lab helpful information: If openssl is not installed, the system will diplay the command to install it. You will need to install openssl if not already installed For information about openssl command: General information: man openssl or more openssl. Command specific help is provided for each subcommand, for example, for the openssl req command: man openssl-req or more openssl-req 1. Generate a private key. We will use the openssl utility. Information about it can be obtained from the man page for openssl, Use the command man openss! to display. You can find a copy of the man page in the Lab folder. issue the commands: sudo -i. This command will allow you to issue root level commands without repeatedly enter the sudo command and being prompted for a password each time. openssl version, to verify that openssl is installed and note the version number. openssl req -x509 -newkey rsa:4096 -days 365 -keyout ca-key.pem -out ca-cert.pem Explanation of qualifiers: -x509 to request a self signed certificate -newkey rsa:4096 Creates a new RSA private key of 4096 bits -days 365 How many days the certificate is valid -keyout ca-key.pem to create a private key named ca-key.pem -out ca-cert.pem to redirect the output into a file named ca-cert.pem instructor@instructor-VirtualBox:~$ [sudo] password for instructor: root@instructor-VirtualBox:~# OpenSSL 1.1.1f 31 Mar 2020 root@instructor-VirtualBox:~# 365 -keyout ca-key.pem -out ca-cert.pem Generating a RSA private key sudo -i openssl version openssl req -x509 -newkey rsa: 4096 -days writing new private key to 'ca-key.pem' Enter PEM pass phrase: Make sure you remember the pass phrase you entered. The path phrase can be any string of characters. The tool will prompt you for information, starting with the PEM pass phrase, used for encryption. Make a note of all your answers, you will need them in later steps: Country code US State NY Organization QCC Unit ET725 Common name (you can use your name here or anything else) Email (somename@dummy.edu) NOTE: Use your own values instead of Instructor, organization, email. If you actually plan to use the certificate, you will need to provide accurate information Issue an Is command to verify the creation of the two files: ca-cert.pem and ca-key.pem writing new private key to 'ca-key.pem' Enter PEM pass phrase: Verifying Enter PEM pass phrase: You are about to be asked to enter information that will be incorpo rated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]: NY Locality Name (eg, city) []: New York Organization Name (eg, company) [Internet Widgits Pty Ltd]:QCC Organizational Unit Name (eg, section) []:ET725 Common Name (e.g. server FQDN or YOUR name) []: Instructor QCC Email Address []:instructor@bogus.edu root@instructor - VirtualBox:~# ls ca-cert.pem ca-key.pem snap root@instructor-VirtualBox:~# You can display the content of each file using the cat command: cat ca-key.pem cat ca-cert.pem Note which one is encrypted. You can use the following command to view the actual content, not the hex numbers: openssl x509 -in ca-cert.pem -noout -text to display the content of the certificate. 2. We will generate the key and the Certificate signature request (CSR) The name of the output key should be server-key.pem. The output certificate request file should be server-req.pem, And the subject should contain our web server's information. NOTES: Use your own values instead of Instructor, organization, email. root@instructor-VirtualBox:~# root@instructor - VirtualBox:~# openssl req -newkey rsa: 4096 -keyout server-key.pem -out server-req.pem Generating a RSA private key ++++ writing new private key to 'server-key.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: You are about to be asked to enter information that will be incorpo rated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]: NY Locality Name (eg, city) []: New York Organization Name (eg, company) [Internet Widgits Pty Ltd]: Home Organizational Unit Name (eg, section) []: Laptop Common Name (e.g. server FQDN or YOUR name) []: Instructor Home Email Address []:instructor@mail.bogus.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: 3. Sign the Web certificate root@instructor root@instructor - VirtualBox:~# - VirtualBox:~# openssl x509 -req -in server-req.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert. pem Signature ok subject=C = US, ST = NY, L = New York, 0 = Home, OU = Laptop, CN = Instructor Home, emailAddress = instructor@mail.bogus.com Getting CA Private Key Enter pass phrase for ca-key.pem: root@instructor -VirtualBox:~# 4. Verify the certificate root@ubuntu:~# openssl verify -CAfile ca-cert.pem server-cert.pem server-cert.pem: OK root@ubuntu:~# Q1: Which signature algorithm is used for the private key and the public key (hint: look at the information resulting from the display of the keys, done in the lab) Q2: How did you determine which key is encrypted Q3: What is the expiration date of the certificate Q4: Consider the command issued earlier in the lab: openssl req -x509 -newkey rsa:4096 -days 365 -keyout ca-key.pem -out ca-cert.pem Using the man pages explain each of the parameters used in the command Q5: Write a short paragraph explaining what you did in this lab. Use concepts such self- signing, certificate authority, Certificate Signature request, openssl.
Expert Answer:
Related Book For
Spreadsheet Modeling & Decision Analysis A Practical Introduction to Management Science
ISBN: 978-0324656633
5th edition
Authors: Cliff T. Ragsdale
Posted Date:
Students also viewed these computer network questions
-
Planning is one of the most important management functions in any business. A front office managers first step in planning should involve determine the departments goals. Planning also includes...
-
can someone solve this Modern workstations typically have memory systems that incorporate two or three levels of caching. Explain why they are designed like this. [4 marks] In order to investigate...
-
Under which of the following circumstances would an auditor be most likely to intensify an challenging examination of a $500 imprest petty cash fund a. Reimbursement occurs twice each week. b. The...
-
Martha is a self-employed tax accountant who drives her car to visit clients on a regular basis. She drives her car 4,000 miles for business and 10,000 for commuting and other personal use. Assuming...
-
The steam explosion of peat renders fermentable carbohydrates that have a number of potentially important industrial uses. A study of the steam explosion process was initiated to determine the...
-
The thermal efficiency of gas turbine as compared to diesel engine is (a) higher (b) lower (c) same (d) unpredictable.
-
In June 1980, Harry Sinclair, General Manager of the Texas Division of Agri-Chem Corporation, received notification from Ben Elliot of Enerco that natural gas supplies were being rapidly depleted. In...
-
Match each definition with its related term by selecting the appropriate term in the dropdown provided. 1. Actual Accounting System Term 2. Direct Labor Efficiency Variance 3. Direct Labor Rate...
-
3. In column G, Brett wants to calculate the number of days the invoice is overdue. If the age of the invoice is greater than 30 days, it is overdue. Calculate the days overdue as follows: a. b. C....
-
A 150-yard pipe is cut to provide drainage for two fields. If the length of one piece (a) is three yards less than twice the length of the second piece (b), what are the lengths of the two pieces?...
-
Determine the exponential function y = c(b) that goes through the points (-2, 16) and (1,54). Algebraic work must be shown for full credit.
-
What are the differences between persuasive and informative speaking? Why is speaking to persuade more challenging than speaking to inform? What does it mean to say that audiences engage in a mental...
-
When should a business letter adopt a formal tone, and when can it be more conversational? Discuss the impact of tone on the readers perception and the context in which each approach is appropriate.
-
1.14 Show that the filter with coefficients [a-2, a-1, a0, a1, a2] = [-1, 4, 3, 4, -1] passes third-degree polynomials and eliminates seasonal components with pe- riod 3.
-
Crane Distribution markets CDs of the performing artist Unique. At the beginning of October, Crane had in beginning inventory 2,000 of Unique's CDs with a unit cost of $5. During October, Crane made...
-
In the figure, the liquids at A and B are water (p.) and the liquid is oil (p.) h,= 300 mm,h:=200 mm, hs=600 mm. Find the pressure difference PA-Pa. 5. - lan
-
A test car is driven a fixed distance of n miles along a straight highway. (Here n Z+.) The car travels at one mile per hour for the first mile, two miles per hour for the second mile, four miles...
-
Michael Abrams runs a specialty clothing store that sells collegiate sports apparel. One of his primary business opportunities involves selling custom screenprinted sweatshirts for college football...
-
A manufacturing company uses a certain type of steel rod in one of its products. The design specifications for this rod indicate that it must be between 0.353 to 0.357 inches in diameter. The machine...
-
Consider the following set of activities: a. Draw the CPM network for this problem. b. Manually determine the earliest and latest start and finish times for each activity and the amount of slack for...
-
Apple stock is selling for \($120\) per share. Call options with a \($117\) exercise price are priced at \($12.\) What is the intrinsic value of the option, and what is the time value?
-
Ibrahim bought 200 shares of a stock trading in the Abu Dhabi Securities Exchange at AED 12 (United Arab Emirates dirham) per share. Over time, the price of the stock increased to AED 18 per share....
-
Twitter is trading at \($34.50.\) Call options with a strike price of \($35\) are priced at \($2.30\) . What is the intrinsic value of the option, and what is the time value?
Study smarter with the SolutionInn App