Operating System - HP-UX

Re: ssl certificate creation problem

 
bhupesh m
Frequent Advisor

ssl certificate creation problem

OpenSSL 0.9.7b 10 Apr 2003
in hpux 11.11

I am able to create client certificates for my customers. That means SSL is configured correctly.

Now my question is:
The server itself needs a certificate to verify the clients' certificates, doesn't it?
I would like to know my server certificate's expiration period, and the client certificates' time period too.

thanks,

Steven E. Protter
Exalted Contributor

Re: ssl certificate creation problem

Shalom,

Here is some code to generate certificates on your own system. The length of the certificate is set on the command line.

You will need an openssl.cnf file at the location specified in my code or change it.

---begin code---
#!/bin/sh

echo "name is: $1"

# while read -r serial
# do
# snumber = $serial
# done < serial


# (( snumber = snumber + 1 ))
# echo "new serial number is: $snumber"

# exit
# echo '100001' >serial


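# Index/database files for "openssl ca" (the one actually used is named in openssl.cnf)
touch certindex.txt
touch index.txt

# Create a self-signed CA certificate, valid for 3650 days
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config /etc/openssl.cnf

# Sign the request with the CA; ${1}-req.pem must already exist
openssl ca -out "${1}-cert.pem" -config /etc/openssl.cnf -infiles "${1}-req.pem"

certf="${1}-cert.pem"
keyf="private/${1}-key.pem"

# Install the key (must already exist) and the new certificate for the web server
cp "$keyf" /etc/httpd/conf/ssl.key/
cp "$certf" /etc/httpd/conf/ssl.crt/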


---end code----
Make sure you adjust all the paths to your system. On HP-UX using HP's Apache port, /etc/httpd will be /opt/hpws/apache/conf

This code works on HP-UX.

I will happily help you make it work.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
bhupesh m
Frequent Advisor

Re: ssl certificate creation problem

Thanks SEP,
but
the certificates are already created. I would like to know when my server's and clients' certificates will expire.
The time period, like "after 6 months my server certificate will expire", like that...
Steven E. Protter
Exalted Contributor

Re: ssl certificate creation problem

Shalom,

Use wget to get the web page httpd://servername/index.html

Then you can perhaps process the certificate reference to get an end date.

What is better, however, is checking the certificate on the system that owns the certificate. If you have access, write a cron job to check the files and send you the results.

Some portion of these files is text.

Another idea is to merely distribute new certificates every 6 or 9 months.

There is probably also an openssl command you can run in your cron job on the remote host to check dates.

Final idea for now is, if you have password-free ssh access to the servers, run a job on the remote node that checks the file or even perhaps the file date and reports back based on your expiration nearness criteria.

SEP
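
One way to do the cron-based check suggested in the reply above, as an added example that is not part of the original thread: it reads each certificate file with `openssl x509` and reports the ones that are expired, close to expiry, or unreadable. The function names, the `WARN_DAYS` variable and the report format are assumptions, and it assumes an OpenSSL build whose `x509` command supports `-enddate` and `-checkend`.

```shell
#!/bin/sh
# Added example: report certificates that are expired or close to expiry.
# WARN_DAYS and the report format are assumptions, not from the thread.

WARN_DAYS=${WARN_DAYS:-30}

# Print the notAfter date of a PEM certificate.
cert_enddate() {
    openssl x509 -noout -enddate -in "$1" 2>/dev/null | sed 's/^notAfter=//'
}

# Print one of OK, EXPIRING, EXPIRED, UNREADABLE for certificate $1.
# $2 is the warning window in days (defaults to WARN_DAYS).
cert_status() {
    file=$1
    days=${2:-$WARN_DAYS}
    # A file that does not parse as a certificate must not be reported as OK.
    if ! openssl x509 -noout -in "$file" >/dev/null 2>&1; then
        echo UNREADABLE
        return
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$file" >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -noout -checkend $((days * 86400)) -in "$file" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Print a line for every certificate that is not OK; return 1 if any was found.
check_certs() {
    rc=0
    for f in "$@"; do
        s=$(cert_status "$f")
        if [ "$s" != OK ]; then
            echo "$f: $s (notAfter: $(cert_enddate "$f"))"
            rc=1
        fi
    done
    return $rc
}

# From cron: pass the certificate files as arguments; cron mails any output.
if [ "$#" -gt 0 ]; then
    check_certs "$@"
fi
```

Run it against both the server certificate and the issued client certificates; certificates that are still well within their validity produce no output, so the cron mail only arrives when something needs renewing.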