Sunday, July 2, 2017

Java and SSL: Signing a CSR with OpenSSL

This post is part of a series about the worlds of Java and SSL.  I hope to do 1 post a day on this topic. The resulting posts will become the basis for another section of a talk that I am scheduled to give on August 10 at the Boulder/Denver Cybersecurity Meetup.

Signing a CSR with OpenSSL

openssl x509 -req -CA ca-certificate.pem.txt -CAkey ca-key.pem.txt -in private.csr \
    -out private.cer  -days 365 -CAcreateserial

Java doesn't make creating CAs or signing part of keytool. This is very strange.  Creating CAs and 
signing CSRs seem like a fundamental abilities that users would want. The fact that they are left out 
is another indication of how primitive SSL is with Java.

No comments:

Post a Comment