I need a favour from you. My infrastructure is IIS 6.0 and Windows Server 2003.

I need to investigate the use of OpenSSL and the construction of media that can be sent to end users, allowing them to generate CSRs, as well as produce documentation to support the signing of the CSR.

What I mean is, I need to send a CD to the end user with a script that can generate a CSR and a private key on their machine, based on my company's public key CA.

  1. The client can run a utility sent by me via some CD or DVD (maybe an OpenSSL script); it needs to accept some parameters so that the end user can supply keyword/password data.

  2. The script will generate the private key and CSR back to my company via some secure way (maybe through email; I know it is not safe, but somehow they send us back the CSR).

  3. We receive the CSR, sign it, and return it to the client.

So I need to document this, so that the end user can understand what he is doing.

So my question is: where can I get the script to send to the client so that he can generate his own CSR and private key?

A: 

Take a look at openssl's req command. Invoke req in a script, and provide an ssl config file to the -config option. req will query the necessary information from the user, and write the request into a file (which you also specify on the command line).

Edit: you can download openssl from http://www.slproweb.com/products/Win32OpenSSL.html. Do read the req man page.

Martin v. Löwis
A: 

Thank you, Martin.

Do I have to download OpenSSL for this to run? Pardon me for this silly question. I am very new to this. Please can you elaborate a bit more for me?

Thanking you.

Regards, Supremestar

A: 

Hello Martin,

I have done some catch-up work and finally got a bit of a grip on this OpenSSL stuff.

But I am still facing some difficulties and I need some guidance, I suppose.

I have downloaded the OpenSSL lighter version from here.

I have executed the following command to generate a private key and csr file together.

openssl req -newkey rsa:1024 -keyout key.pem -out req.pem

But it was asking me where is the config file.

I know I have to supply the config file for this command.

Because this CSR is going to be generated by the client, do I have to supply any default parameters in the config file, or just prompt for all the questions?

Please help!

Thanking you.
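
The `req` with `-config` approach from the first answer, and the config-file question in the last post, as an added example that is not part of the original thread: the script writes a small config whose DN fields are prompted with pre-filled defaults, then generates the key and CSR on the user's machine. The file names, DN defaults and `rsa:2048` key size are assumptions; it is written for POSIX sh with `openssl` on the PATH, and the same `openssl req` arguments apply from a Windows batch file.

```shell
#!/bin/sh
# Added example (not from the original thread). File names, DN defaults and
# the 2048-bit key size are assumptions chosen for illustration.

# write_csr_config FILE
# Writes a minimal req config. Each DN field is prompted for; a *_default
# value is offered in brackets and accepted when the user presses Enter.
write_csr_config() {
    cat > "$1" <<'EOF'
[ req ]
default_bits       = 2048
default_md         = sha256
distinguished_name = req_dn

[ req_dn ]
countryName              = Country Name (2 letter code)
countryName_default      = GB
countryName_min          = 2
countryName_max          = 2
organizationName         = Organization Name
organizationName_default = Example Client Ltd
commonName               = Common Name (e.g. server host name)
commonName_max           = 64
EOF
}

# generate_csr CONFIG KEYFILE CSRFILE [extra openssl req options]
# Creates the key pair and CSR locally. Without -nodes, openssl asks for a
# pass phrase and encrypts the private key; only CSRFILE is sent to the CA.
generate_csr() {
    cfg=$1 key=$2 csr=$3
    shift 3
    # Subshell keeps the restrictive umask local to key creation.
    ( umask 077
      openssl req -new -newkey rsa:2048 -config "$cfg" \
          -keyout "$key" -out "$csr" "$@" )
}

# Interactive use: sh make_csr.sh --generate
if [ "${1:-}" = "--generate" ]; then
    write_csr_config csr.cnf
    generate_csr csr.cnf key.pem req.pem
    openssl req -in req.pem -noout -subject   # show what will be sent
fi
```

Fields without a `_default` (here `commonName`) must be typed by the user; the private key file never needs to leave the machine that generated it.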