
Re: OpenSSL help required

 
msbinu
Advisor

OpenSSL help required

Hi,

I'm very new to SSL and I have been asked to set up a client-server communication using SSL.

I'm trying to write my program using OpenSSL libraries.
My questions are on certificate generation using OpenSSL.
What is the procedure to generate a certificate?
Do we have to write separate code to generate a certificate?
Do client and server need separate certificates?
Do we always have to generate a certificate, or can we use the same certificate always?

I know that these questions are very basic ones,
but I'm completely ignorant about SSL.
Any help will be greatly appreciated.

Regards
Binu
5 REPLIES 5
Arunvijai_4
Honored Contributor

Re: OpenSSL help required

Hi Binu,

Q) What is the procedure to generate a certificate?
A) You can use the "openssl" utility to generate certificates.

Example : openssl req -new -x509 -extensions v3_ca -keyout \
private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf


Q) Do we have to write separate code to generate a certificate?

A) You can use the OpenSSL tool for this. No need to write a separate app.

Q) Do client and server need separate certificates?

A) It depends on which way you prefer.

Q) Do we always have to generate a certificate, or can we use the same certificate always?

A) You can use the same certificate till it expires.

Some links,
http://www.openssl.org
http://www.flatmtn.com/computer/Linux-SSLCertificates.html#SSLCert-5
http://www.pseudonym.org/ssl/ssl_cook.html

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Steven E. Protter
Exalted Contributor

Re: OpenSSL help required

Shalom Binu,

What is the procedure to generate a certificate?
http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fslacksite.com%2Fapache%2Fcertificate.html&ei=45pZRMG5LsnGwQG6yNHKBw&sig2=MzD6HnS94MgF19R7hhXpwg
Certificate cookbook:
http://www.google.com/url?sa=t&ct=res&cd=2&url=http%3A%2F%2Fwww.pseudonym.org%2Fssl%2Fssl_cook.html&ei=45pZRMG5LsnGwQG6yNHKBw&sig2=eHMRagkDe5-04R-bZkt2-A
Do we have to write separate code to generate a certificate?
No.
Do client and server need separate certificates?
Client needs nothing. They will be prompted to accept the server certificate at first login, depending on connection method.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
msbinu
Advisor

Re: OpenSSL help required

Thanks a lot, Arun.
Some more doubts.

I didn't understand what you meant by expiry of the certificate.

Also, I'm still confused about the certificate generation.
The example which you have given is to be done from our code?
Please remember that I'm not using HTTPS.
I'm trying to implement a client-server socket communication.

Binu
msbinu
Advisor

Re: OpenSSL help required

Hi Arun, Steven,

Please note that I don't have any Apache or something like that.
I have to implement SSL using C++.

Regards
Binu
Arunvijai_4
Honored Contributor

Re: OpenSSL help required

Hi Binu,

Q) I didn't understand what you meant by expiry of the certificate.

When you generate a certificate, openssl req -new -x509 -extensions v3_ca -keyout \
private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf

You specify "-days". In this example, I have given the expiry as "365" days. You can specify your own time. Note that the certificate will expire after one year and you need to regenerate it.

Also, I'm still confused about the certificate generation.
The example which you have given is to be done from our code?

Yes, you can create it with any C/C++ program using the OpenSSL utility.

-Arun

P.S Remember to assign points.
"A ship in the harbor is safe, but that is not what ships are built for"
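
Added example, not part of any post in this thread: the certificate generation and "-days" expiry discussed above, run non-interactively from a shell, followed by an expiry check with "openssl x509 -checkend". The file names, the CN, the temporary config file and the 30/7/60-day values are constructed for illustration.

```shell
#!/bin/sh
# Added example: create a self-signed test certificate and check its expiry.
# File names, CN and day counts are constructed for illustration.

# gen_cert DIR DAYS: write DIR/key.pem and DIR/cert.pem, valid for DAYS days.
gen_cert() {
    dir=$1; days=$2
    # Minimal request config so the command runs without prompts.
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = server.example.test
EOF
    # The private key is written unencrypted (-nodes), so create it
    # with owner-only permissions.
    ( umask 077
      openssl req -new -x509 -newkey rsa:2048 -nodes \
          -keyout "$dir/key.pem" -out "$dir/cert.pem" \
          -days "$days" -config "$dir/req.cnf" ) >/dev/null 2>&1
}

# cert_valid_for CERT DAYS: exit 0 if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo: a 30-day certificate passes a 7-day check and fails a 60-day one.
workdir=$(mktemp -d)
gen_cert "$workdir" 30
openssl x509 -in "$workdir/cert.pem" -noout -subject -enddate
if cert_valid_for "$workdir/cert.pem" 7; then echo "ok for 7 more days"; fi
if ! cert_valid_for "$workdir/cert.pem" 60; then echo "renew before 60 days"; fi
rm -rf "$workdir"
```

A check like cert_valid_for can run from cron so that renewal happens before the "-days" window closes rather than after connections start failing.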