
1

What is SSL?
How to create certs for IHS?
How to renew certs from an existing KDB file?
OpenSSL

Q&A

2
SSL
SSL (Secure Sockets Layer) is a standard security technology for establishing a secure connection between a server and client browsers.
Algorithms:
MD5 hash algorithm
RSA public key cryptography
SHA-1 (128), 1024-bit
SHA-2 (256), 2048-bit (approved by NIST)
SHA-384, SHA-512
SHA-3: not yet approved by NIST
What is a Certificate Authority (CA)?
A CA is an entity that issues digital certificates.

Root certificate: an unsigned public key or a self-signed certificate

How to order certs?


1) Gather the required information: CN, O, OU, S and C
2) Generate a CSR
3) Submit the CSR to the Certificate Authority
4) Receive and install the certificate

4
How to create a cert DB?

/bin/gsk8capicmd -keydb -create -db dcentral523.kdb -pw password01 -type cms -expire 1000 -stash

/bin/gsk8capicmd -cert -create -db dcentral523.kdb -pw password01 -size 2048 -dn "CN=dcentral523.intra.aexp.com,OU=Web Hosting,O=American Express Company,L=Phoenix,ST=Arizona,C=US" -label dcentral523.intra.aexp.com -sigalg sha256 -expire 800

/bin/gsk8capicmd -cert -details -db dcentral523.kdb -label dcentral523.intra.aexp.com

Source database password :
Label : dcentral523.intra.aexp.com
Key Size : 2048
Version : X509 V3
Serial : 123c3b002f299f8e
Issuer : cn=dcentral523.intra.aexp.com, ou=Web Hosting, o =American Express Company, l =Phoenix, st =Arizona, c =US
Subject : cn=dcentral523.intra.aexp.com, ou=Web Hosting, o =American Express Company, l =Phoenix, st =Arizona, c =US
Not Before : March 9, 2015 2:56:55 PM MST
Not After : May 18, 2017 2:56:55 PM MST

5
How to renew a cert from an existing KDB?

/bin/gsk8capicmd -certreq -recreate -db dcentral523.kdb -pw password01 -type cms -label dcentral523.intra.aexp.com -sig_alg sha256 -target dcentral523.csr

Convert .kdb/.jks to a .key file using OpenSSL

a) Convert .kdb/.jks to PKCS12 using keytool
b) Convert PKCS12 to PEM using OpenSSL

6
OpenSSL
What is OpenSSL?
OpenSSL is an open-source implementation of the SSL and TLS protocols.

Version: 1.0.2 (released on Jan 22, 2015)

Algorithms: it supports most cryptographic algorithms.
Most web servers support OpenSSL certs.

7
IBM IHS -- .kdb (GSKit)
WebSphere -- .jks/.p12 (Java keytool)
Apache -- .key
Tomcat/JBoss -- .key
SunOne -- .db

8
Create a CSR
openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout server.key -out server.csr

View the CSR
openssl req -verify -noout -text -in server.csr

View the CN from .pem/.crt
openssl x509 -subject -dates -issuer -noout -in server.crt
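The script below is an added example and not part of the slides: it runs the OpenSSL commands from this slide end to end on a constructed key pair, stands in for the CA step by self-signing the request, adds an expiry check of the kind a renewal job needs, and finishes with step b) from slide 5 (PKCS12 to PEM). The host name www.example.test, the DN, the scratch directory and the PKCS12 password changeit are constructed values; only the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the slides): the OpenSSL side of the certificate
# lifecycle on a constructed key pair. Requires only the openssl CLI.
# HOST, the DN and the PKCS12 password "changeit" are constructed values.
set -eu

# Scratch directory; set WORK=/some/dir to keep the generated files.
WORK="${WORK:-$(mktemp -d)}"
HOST="www.example.test"

# "Create a CSR": 2048-bit RSA key, SHA-256 request, unencrypted key (-nodes).
# -subj supplies the DN so the command runs without prompting.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" \
        -subj "/CN=$HOST/OU=Web Hosting/O=Example Corp/L=Phoenix/ST=Arizona/C=US" \
        >/dev/null 2>&1
}

# "View the CSR": verify the request's self-signature and print the subject,
# so the DN can be checked before the CSR goes to the CA.
csr_subject() {
    openssl req -verify -noout -subject -in "$WORK/server.csr" 2>/dev/null
}

# Stand-in for steps 3 and 4 of ordering a cert: self-sign the request.
# In production the CA signs the CSR and returns the certificate instead.
self_sign() {
    openssl x509 -req -in "$WORK/server.csr" -signkey "$WORK/server.key" \
        -sha256 -days 800 -out "$WORK/server.crt" >/dev/null 2>&1
}

# "View the CN from .pem/.crt": subject, validity window and issuer.
cert_summary() {
    openssl x509 -subject -dates -issuer -noout -in "$WORK/server.crt"
}

# Renewal check: exit 0 when the certificate expires within $1 days.
# -checkend itself exits 0 only if the cert is still valid after N seconds.
needs_renewal() {
    if openssl x509 -checkend $(( $1 * 86400 )) -noout \
            -in "$WORK/server.crt" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Bundle key + cert into PKCS12 (iKeyman or keytool produce the same
# container from a .kdb or .jks; this is the openssl equivalent).
to_pkcs12() {
    openssl pkcs12 -export -in "$WORK/server.crt" -inkey "$WORK/server.key" \
        -name "$HOST" -out "$WORK/server.p12" -passout pass:changeit
}

# Step b) of slide 5: PKCS12 -> PEM. -nodes writes the private key
# unencrypted, which is what Apache/Tomcat expect in a .key file.
p12_to_pem() {
    openssl pkcs12 -in "$WORK/server.p12" -passin pass:changeit -nodes \
        -out "$WORK/server.pem" 2>/dev/null
}

run_demo() {
    make_csr
    csr_subject
    self_sign
    cert_summary
    if needs_renewal 30; then
        echo "renew now"
    else
        echo "no renewal needed in the next 30 days"
    fi
    to_pkcs12
    p12_to_pem
    grep -c "BEGIN" "$WORK/server.pem"   # one private key block + one cert
}

run_demo
```

To apply p12_to_pem to a real WebSphere or IHS store, export the key store to PKCS12 first (step a on slide 5) and point the function at that file; the resulting server.pem holds both the PEM certificate and the unencrypted key, which you would then split into the .crt and .key files Apache expects.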
9
iKeyMan Demo

10
Q&A

11
