==== Simple OpenSSL Certificate Authority ====

=== Create Certificate Authority ===

<code>
station7:/usr/share/ssl/misc # ./CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.....++++++
.....................................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BW
Locality Name (eg, city) []:Stuttgart
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Inc.
Organizational Unit Name (eg, section) []:IuK/Netzwerke
Common Name (eg, YOUR name) []:station7.example.com
Email Address []:hostmaster@example.com
station7:/usr/share/ssl/misc #
</code>
\\

=== Create Certificate Request ===

<code>
station7:/usr/share/ssl/misc # openssl req -new -nodes -keyout newreq.pem -out newreq.pem
Generating a 1024 bit RSA private key
....++++++
.++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BW
Locality Name (eg, city) []:Stuttgart
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UKBW Stuttgart
Organizational Unit Name (eg, section) []:IuK/Netzwerke
Common Name (eg, YOUR name) []:station7.example.com
Email Address []:hostmaster@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
station7:/usr/share/ssl/misc #
</code>
\\

=== Sign Certificate Request ===

<code>
station7:/usr/share/ssl/misc # ./CA.sh -sign
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun 28 14:41:04 2007 GMT
            Not After : Jun 27 14:41:04 2008 GMT
        Subject:
            countryName               = DE
            stateOrProvinceName       = BW
            localityName              = Stuttgart
            organizationName          = Example Inc.
            organizationalUnitName    = IuK/Netzwerke
            commonName                = station7.example.com
            emailAddress              = hostmaster@example.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                1A:DA:45:36:71:DF:E8:62:0D:EB:F9:5F:FE:02:75:E2:6A:D7:AB:0D
            X509v3 Authority Key Identifier:
                keyid:CC:6C:8E:D5:23:DF:EB:5F:A5:17:99:8D:C2:70:FA:0C:37:81:22:D0
                DirName:/C=DE/ST=BW/L=Stuttgart/O=Example Inc./OU=IuK/Netzwerke/CN=station7.example.com/emailAddress=hostmaster@example.com
                serial:82:4A:A3:00:03:DC:19:D4

Certificate is to be certified until Jun 27 14:41:04 2008 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=DE, ST=BW, L=Stuttgart, O=Example Inc., OU=IuK/Netzwerke, CN=station7.example.com/emailAddress=hostmaster@example.com
        Validity
            Not Before: Jun 28 14:41:04 2007 GMT
            Not After : Jun 27 14:41:04 2008 GMT
        Subject: C=DE, ST=BW, L=Stuttgart, O=Example Inc., OU=IuK/Netzwerke, CN=station7.example.com/emailAddress=hostmaster@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:be:cd:b5:74:24:47:65:f7:73:9a:4d:39:ea:19:
                    3f:eb:9e:c9:d6:cb:c0:3f:b8:98:c8:5b:30:8f:47:
                    af:92:d6:df:56:1c:f9:f6:08:02:39:87:b4:4c:53:
                    a3:2c:ea:70:08:10:32:fb:23:91:5e:4e:5c:6d:21:
                    7e:06:f8:c9:f6:d3:08:de:b8:e3:89:9d:67:ee:cb:
                    98:09:cb:73:05:05:19:a7:5d:23:15:d7:b0:93:23:
                    fc:b0:0b:b4:e3:a4:8c:26:53:94:d4:f4:d1:95:ef:
                    a2:a1:5d:a6:59:78:2b:1c:2c:46:94:16:92:17:65:
                    5f:ce:fb:e1:ab:1c:51:ee:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                1A:DA:45:36:71:DF:E8:62:0D:EB:F9:5F:FE:02:75:E2:6A:D7:AB:0D
            X509v3 Authority Key Identifier:
                keyid:CC:6C:8E:D5:23:DF:EB:5F:A5:17:99:8D:C2:70:FA:0C:37:81:22:D0
                DirName:/C=DE/ST=BW/L=Stuttgart/O=Example Inc./OU=IuK/Netzwerke/CN=station7.example.com/emailAddress=hostmaster@example.com
                serial:82:4A:A3:00:03:DC:19:D4

    Signature Algorithm: md5WithRSAEncryption
        9e:b4:ac:e5:94:24:fe:cd:5b:d0:76:d5:6b:2a:96:87:91:58:
        45:f8:47:62:c0:93:b4:90:1d:33:0e:f7:cd:d3:a0:a3:2e:2f:
        6d:da:a3:e1:8c:2f:45:67:f4:a7:0d:b0:59:ea:59:c0:b2:2b:
        54:3f:49:69:8e:35:32:d9:fd:bc:e3:a5:7d:6f:91:16:70:f1:
        c9:66:50:e0:bc:30:4d:06:5d:1e:0e:08:ea:04:af:fa:40:b3:
        72:9d:2e:23:bb:7f:23:f5:6e:70:8a:d9:10:ff:37:c5:5d:ad:
        61:c8:19:c4:9c:39:cf:54:68:0e:44:04:f4:e1:be:5c:eb:02:
        d5:45
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Signed certificate is in newcert.pem
station7:/usr/share/ssl/misc #
</code>
\\

As a result you have:

  * the Certificate Authority's certificate, "cacert.pem"
  * a certificate for "station7.example.com", "newcert.pem"
  * the private key for "station7.example.com", "newreq.pem" (the same file also holds the certificate request, because both "-keyout" and "-out" pointed at it)

\\
\\
<- [[commserv:index|index]]
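The three steps above, as an added example that is not part of the original page: the CA, the request and the signing are run non-interactively in a scratch directory, followed by the checks worth running before the files are deployed (chain and hostname verification, key/certificate match, signature algorithm and key size). The 1024-bit RSA keys and md5WithRSAEncryption signatures visible in the transcript are no longer acceptable, so the example uses 2048-bit keys and SHA-256; "openssl x509 -req" stands in for "CA.sh -sign", and the DN values, file names and the WORK directory are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): the three CA.sh steps above run
# non-interactively, then the checks worth doing on the result. Needs only the
# openssl CLI (1.1.1+); openssl x509 -req stands in for CA.sh -sign; DN values constructed.
set -eu
WORK="${WORK:-$(mktemp -d)}"
DN="/C=DE/ST=BW/L=Stuttgart/O=Example Inc./OU=IuK Netzwerke"
# Minimal config: an empty DN section (we pass -subj) plus CA extensions.
printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
  '[dn]' '[v3_ca]' 'basicConstraints = critical, CA:TRUE' \
  'keyUsage = critical, keyCertSign, cRLSign' > "$WORK/ca.cnf"
# End-entity extensions, matching the CA:FALSE seen in the transcript.
printf '%s\n' 'basicConstraints = CA:FALSE' \
  'keyUsage = critical, digitalSignature, keyEncipherment' \
  'extendedKeyUsage = serverAuth' \
  'subjectAltName = DNS:station7.example.com' > "$WORK/server.ext"
# Step 1 (CA.sh -newca), but 2048-bit RSA / SHA-256 rather than the 1024-bit / MD5 above.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes \
    -config "$WORK/ca.cnf" -subj "$DN/CN=Example Root CA" \
    -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
}
# Step 2: key and CSR, written to separate files rather than both to newreq.pem.
make_request() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "$DN/CN=station7.example.com" \
    -keyout "$WORK/srvkey.pem" -out "$WORK/newreq.pem" 2>/dev/null
}
# Step 3 (CA.sh -sign): issue newcert.pem from the CSR with a 365-day validity.
sign_request() {
  openssl x509 -req -in "$WORK/newreq.pem" -CA "$WORK/cacert.pem" \
    -CAkey "$WORK/cakey.pem" -CAcreateserial -days 365 -sha256 \
    -extfile "$WORK/server.ext" -out "$WORK/newcert.pem" 2>/dev/null
}
# Checks: chain and hostname verify; key matches cert; algorithm and key size.
verify_chain() {
  openssl verify -CAfile "$WORK/cacert.pem" \
    -verify_hostname station7.example.com "$WORK/newcert.pem" >/dev/null
}
key_matches_cert() {
  k=$(openssl pkey -in "$WORK/srvkey.pem" -pubout 2>/dev/null | openssl sha256)
  c=$(openssl x509 -in "$WORK/newcert.pem" -pubkey -noout | openssl sha256)
  [ -n "$k" ] && [ "$k" = "$c" ]
}
sig_alg()  { openssl x509 -in "$WORK/newcert.pem" -noout -text |
             sed -n 's/^ *Signature Algorithm: //p' | head -n 1; }
key_bits() { openssl x509 -in "$WORK/newcert.pem" -noout -text |
             sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1; }
make_ca && make_request && sign_request && verify_chain && key_matches_cert &&
  echo "OK: $(key_bits)-bit key, $(sig_alg), files in $WORK"
```

If "verify_chain" fails, "openssl verify" names the reason (wrong CA file, expired certificate, hostname not in the SAN), which is the same class of error a browser or client would report.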