Scritto da
  • email
  • twitter
  • linkedin
  • linkedin

As is so often the case, working with SSL you need to configure and test a strong authentication (SSL client authentication). In all these cases, you need to provide an ad-hoc client certificate to perform a succesful handshake.

As is so often the case, working with SSL you need to configure and test a strong authentication (SSL client authentication).

In all these cases, you need to provide an ad-hoc client certificate to perform a succesful handshake.

OpenSSL can be used to create your PKCS12 client certificate by peforming the following few steps.

 

  • Create a new request
openssl req -new -nodes -out req.pem -keyout key.pem -days 3650 -config openssl.cnf

 

  • Sign the request with your certification authority (CA)
openssl ca -out cert.pem -days 365 -config openssl.cnf -infiles req.pem

 

  • Create you p12 certificate
openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile cacert.pem -name "Fabio Martelli" -out cert.p12 

 

Now you can use your cert.p12 with client application.

E.G. If your client is Firefox you can simply import your certificate as a new "personal certificate".

IMPORTANT: the target peer (the application requiring strong authentication) has to be provisioned with the CA which has signed your certificate.

1 VOTITerribleTerrible
Ti è stato utile questo articolo?
Dal Blog di Tirasa
Quello che facciamo, studiamo e pensiamo tutti i giorni lo condividiamo qui.
Vai al blog >