Securing-Optimizing-RH-Linux-1_2_292
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
Certificate is to be certified until Dec 1 14:59:29 2000 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
This signs the CSR and results in a server.crt file.
[root@deep ssl]# mv server.crt certs/
Now you have two files: server.key and server.crt. These can now be used, for example, as
follows inside your Apache httpd.conf file:
# Our web server public key
SSLCertificateFile /etc/ssl/certs/server.crt
# Our web server private key
SSLCertificateKeyFile /etc/ssl/private/server.key
The server.csr file is no longer needed.
[root@deep ssl]# rm -f server.csr
Securing OpenSSL
Make your keys readable and writable only by the super-user root. This is important because no one
else needs to touch these files.
· To make your keys readable and writable only by root, use the following commands:
[root@deep /]# chmod 600 /etc/ssl/certs/ca.crt
[root@deep /]# chmod 600 /etc/ssl/certs/server.crt
[root@deep /]# chmod 600 /etc/ssl/private/ca.key
[root@deep /]# chmod 600 /etc/ssl/private/server.key
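To confirm that the chmod commands above took effect, and to catch later drift, the files can be audited with a small script. This is an added example, not part of the book; the function name audit_key_perms, the variable EXPECTED_UID and the file name audit.sh are made up for it.

```sh
#!/bin/sh
# Added example, not from the book. audit_key_perms and EXPECTED_UID are
# names made up here; EXPECTED_UID defaults to 0 (root).
# Usage: sh audit.sh /etc/ssl/private/server.key /etc/ssl/certs/server.crt ...

audit_key_perms() {
    want_uid="${EXPECTED_UID:-0}"
    findings=0
    for f in "$@"; do
        if [ -L "$f" ]; then
            # ls would show the link's own mode, not the target's
            echo "SYMLINK  $f (audit the file it points to)"
            findings=$((findings + 1)); continue
        fi
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            findings=$((findings + 1)); continue
        fi
        # ls -ldn prints e.g. "-rw------- 1 0 0 887 ... server.key";
        # keep the 10-character mode string and the numeric owner
        info=$(ls -ldn -- "$f" | awk '{print substr($1, 1, 10), $3}')
        mode=${info% *}
        uid=${info#* }
        case "$mode" in
            -[r-][w-]-------) ;;  # owner read/write at most, nothing else
            *)  echo "MODE     $f is $mode, want -rw-------"
                findings=$((findings + 1)) ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER    $f has uid $uid, want $want_uid"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]   # exit status 0 only when every file passed
}

if [ "$#" -gt 0 ]; then
    audit_key_perms "$@"
fi
```

The function prints one line per finding and returns a non-zero status if any file is missing, is a symlink, has a mode wider than 600, or is not owned by the expected user.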
Some possible uses of OpenSSL software
OpenSSL can be used to:
1. Create your own Certificate Server.
2. Provide data confidentiality, integrity, authentication, and electronic signature in
   transmission for the users.
3. Secure electronic commerce transactions.
Installed files
> /etc/ssl
> /etc/ssl/crl
> /etc/ssl/certs
> /etc/ssl/private
> /etc/ssl/openssl.cnf
> /usr/bin/openssl
> /usr/bin/c_rehash
> /usr/bin/sign.sh
> /usr/bin/c_hash
> /usr/bin/c_info
> /usr/bin/c_issuer
> /usr/bin/c_name
> /usr/bin/der_chop
> /usr/include/openssl
> /usr/man/man1/verify.1
> /usr/man/man1/version.1
> /usr/man/man1/x509.1
> /usr/man/man3/BN_CTX_new.3
> /usr/man/man3/BN_CTX_start.3
> /usr/man/man3/BN_add.3
> /usr/man/man3/BN_add_word.3
> /usr/man/man3/BN_bn2bin.3
> /usr/man/man3/BN_cmp.3
> /usr/man/man3/BN_copy.3
> /usr/man/man3/BN_generate_prime.3
> /usr/man/man3/BN_mod_inverse.3
> /usr/man/man3/BN_mod_mul_montgomery.3
> /usr/man/man3/BN_mod_mul_reciprocal.3