- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- ssl certificate creation problem
Operating System - HP-UX
1755645
Members
3316
Online
108837
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2006 08:51 PM
тАО08-02-2006 08:51 PM
ssl certificate creation problem
OpenSSL 0.9.7b 10 Apr 2003
in hpux 11.11
i am able to create client certificates to my customers. that means, ssl is congfigured correct.
now my question is:
the server itself need a certificate to verify the clients certificates. isnt?
i like to know my server certificate expiration period? and clients certificates time period too.
thanks,
in hpux 11.11
i am able to create client certificates to my customers. that means, ssl is congfigured correct.
now my question is:
the server itself need a certificate to verify the clients certificates. isnt?
i like to know my server certificate expiration period? and clients certificates time period too.
thanks,
- Tags:
- certificate
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2006 09:11 PM
тАО08-02-2006 09:11 PM
Re: ssl certificate creation problem
Shalom,
Here is some code to generate certificates on your own system. The length of the certificate is set on the command line.
You will need an openssl.cnf file at the location specified in my code or change it.
---begin code---
#!/bin/sh
echo "name is: $1"
# while read -r serial
# do
# snumber = $serial
# done < serial
# (( snumber = snumber + 1 ))
# echo "new serial number is: $snumber"
# exit
# echo '100001' >serial
touch certindex.txt
touch index.txt
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -con
fig /etc/openssl.cnf
openssl ca -out ${1}-cert.pem -config /etc/openssl.cnf -infiles ${1}-req.pem
certf="${1}-cert.pem"
keyf="private/${1}-key.pem"
cp $keyf /etc/httpd/conf/ssl.key/
cp $certf /etc/httpd/conf/ssl.crt/
---end code----
Make sure you adjust all the paths to your system. HP-UX using HP's appache port /etc/httpd will be /opt/hpws/apache/conf
This code works on HP-UX.
I will happily help you make it work.
SEP
Here is some code to generate certificates on your own system. The length of the certificate is set on the command line.
You will need an openssl.cnf file at the location specified in my code or change it.
---begin code---
#!/bin/sh
echo "name is: $1"
# while read -r serial
# do
# snumber = $serial
# done < serial
# (( snumber = snumber + 1 ))
# echo "new serial number is: $snumber"
# exit
# echo '100001' >serial
touch certindex.txt
touch index.txt
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -con
fig /etc/openssl.cnf
openssl ca -out ${1}-cert.pem -config /etc/openssl.cnf -infiles ${1}-req.pem
certf="${1}-cert.pem"
keyf="private/${1}-key.pem"
cp $keyf /etc/httpd/conf/ssl.key/
cp $certf /etc/httpd/conf/ssl.crt/
---end code----
Make sure you adjust all the paths to your system. HP-UX using HP's appache port /etc/httpd will be /opt/hpws/apache/conf
This code works on HP-UX.
I will happily help you make it work.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2006 09:34 PM
тАО08-02-2006 09:34 PM
Re: ssl certificate creation problem
Thanks SEP,
but,
certificates is already created. i like to know when my server's and clients certificates will expire?
the time period like after "6months my server certificate will expire",..like that...
but,
certificates is already created. i like to know when my server's and clients certificates will expire?
the time period like after "6months my server certificate will expire",..like that...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2006 10:31 PM
тАО08-02-2006 10:31 PM
Re: ssl certificate creation problem
Shalom,
Use wget to get the web page httpd://servername/index.html
Then you can perhaps process the certificate reference to get an end date.
What is better however is checking the certificate on the system that owns the certificate. If you have access write a cron job to check the files and send you the results.
Some portion of these files is text.
Another idea is to merely distibute new certificates every 6 or 9 months.
There is probably also an openssl command you can run in your cron job on the remote host to check dates.
Final idea for now is if you have password free ssh access to the servers, run a job on the remote node that checks the file or even perhaps the file date and reports back based on yoru expiration nearness criteria.
SEP
Use wget to get the web page httpd://servername/index.html
Then you can perhaps process the certificate reference to get an end date.
What is better however is checking the certificate on the system that owns the certificate. If you have access write a cron job to check the files and send you the results.
Some portion of these files is text.
Another idea is to merely distibute new certificates every 6 or 9 months.
There is probably also an openssl command you can run in your cron job on the remote host to check dates.
Final idea for now is if you have password free ssh access to the servers, run a job on the remote node that checks the file or even perhaps the file date and reports back based on yoru expiration nearness criteria.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP