tags:

views:

356

answers:

3
Q: 

OpenSSL and generating CSRs at client side

I need a favour from you. My infrastructure is IIS 6.0 and windows server 2003.

I need to investigate the use of OpenSSL and the construction of media that can be sent to end users, allowing them to generate CSRs, as well as produce documentation to support the signing of the CSR.

What I mean is, I need to send a CD to the end user with a script that can generate a CSR and a private key at their machine basing on my companies Publickey CA.

  1. client can run an utility sent by me via some cd or DVD (May be an openSSL script) needs to accept some parameters so that end user can supply keyword/password data.

  2. The script will generate private key and CSR back to my company via some secure way (may be through email, I know it is not safe but some how they send us back CSR)

  3. We receive the CSR and we sign it and return to the client.

So I need to document this, so that the end user can understand what he is doing.

So my question is where can I get the script to send to client so that he can generate his own CSR and PrivateKey.

A: 

Take a look at openssl's req command. Invoke req in a script, and provide an ssl config file to the -config option. req will query the necessary information from the user, and write the request into a file (which you also specify on the command line).

Edit: you can download openssl from http://www.slproweb.com/products/Win32OpenSSL.html Do read the req man page.

Martin v. Löwis  2008-12-02 13:23:36
A: 

Thank you martin.

Do I have to download openSSL for this to run. Pardon me for this silly question. I am very new to this. Please can you eloberate a bit more for me.

Thanking you.

Regards, Supremestar

 2008-12-02 14:22:15
A: 

Hello Martin,

I have done some catch up work and finally got a bit of grip with this openSSL stuff.

But still facing some difficulties and I need some guidance I suppose.

I have downloaded the openSSL lighter version from here.

I have executed the following command to generate a private key and csr file together.

openssl req -newkey rsa:1024 -keyout key.pem -out req.pem

But it was asking me where is the config file.

I know I have to supply the config file for this command.

Because this CSR is going to be generated by the client, do I have to supply any default parameters to the config file or just prompt all the questons.

Please help!

Thanking you.

 2008-12-03 13:18:27

related questions

Encrypting data in Cocoa, decoding in PHP (and vice versa)
SSCrypto/OpenSSL to C# Crypto
How do you test a public/private keypair?
Python memory debugging with GDB
Programmatically Create X509 Certificate using OpenSSL
Understanding engine initialization in OpenSSL
Net::SSLeay post_https compilation error: Too many arguments
Opening an RSA private key from Ruby
How can I parse a Certificate Signing Request with Perl?
How to deploying a self signed SSL certificate to multiple servers
Building libcurl with SSL support on Windows
Self Signed Certificate in Windows without makecert?
"CURLE_OUT_OF_MEMORY" error when posting via https
How would you test an SSL connection?
Crypto/x509 certificate parsing libraries for Python (pyOpenSSL vs Python OpenSSL Wrappers vs...)
Strange call stack, could it be problem in asio's usage of openssl?
Is it a problem if multiple different accepting sockets use the same OpenSSL context?
Ruby on Rails: no such file to load -- openssl on RedHat Linux Enterprise
Using openssl what does "unable to write 'random state'" mean?
Using openssl encryption with Java
C# utility to create a CA
Easy expanation of setting up Openssl on Windows.
Getting ASN.1 Issuer strings from PEM files?
What Certificate Authority Software is Available?