List: openssl-users
Subject: difference between -newcert, -newreq, -newreq-nodes?
From: Marco Fioretti <mfioretti () mclink ! it>
Date: 2007-06-15 9:00:58
Message-ID: 1.3.200706151100.88771 () mclink ! it
Hello,
I only want to:
* be my own CA in order to
* create a self signed certificate and key (in a separate file) to use for encrypted communication between my home email client and a Postfix/dovecot server I am building.
* make sure that the private key is not encrypted, so the server restarts unattended in case of a reboot.
Now, the online openssl man page of CA.pl (http://www.openssl.org/docs/apps/CA.pl.html) says:
#########################################
-newcert
creates a new self signed certificate. The private key and certificate are written to the file ``newreq.pem''.
-newreq
creates a new certificate request. The private key and request are written to the file ``newreq.pem''.
-newreq-nodes
is like -newreq except that the private key will not be encrypted.
##########################################
The questions are:
1) what is the actual difference between "creating a new
certificate request" and "creating a new self signed
certificate"?? Why are there "certificates" and "certificates
*requests*"? What is the exact doc to read to understand this
point?
2) which of these options are needed, and in which order,
to do all and only what I described at the beginning of
this message? Is this command sequence the right one for
this scenario:
./CA -newca
./CA -newreq-nodes
or do I also have to add:
./CA -sign
or something else?
3) Running the two commands in 2) I will have (if I understand
correctly) the new certificate and key all in one file
(newreq.pem). How do I get them into separate files? Can I just
cut the key part and paste it in another file, or is there
a better way?
I *have* already checked several online tutorials but frankly
they do not make these points clear (not to mention that
some are pretty old and quite a few of the others talk about
a CA _shell_ script and that, on CentOS at least,
you do find a CA shell script packaged and not a CA.pl one)
Thank you in advance for any feedback,
Marco
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
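
Added example, not part of the original message or of OpenSSL's CA.pl: a shell function that sorts the PEM blocks of a combined file such as newreq.pem into separate key, certificate and request files by their BEGIN labels, and reports whether the key block is encrypted. The names split_pem, make_sample, key.pem, cert.pem and req.pem are hypothetical, and the sample bodies are constructed placeholders, not real key material.

```shell
# split_pem SRC DSTDIR: sort the PEM blocks of SRC into DSTDIR/key.pem,
# cert.pem and req.pem, and print one "<kind> <state>" line per block.
split_pem() {
    src=$1; dst=$2
    mkdir -p "$dst" || return 1
    rm -f "$dst/key.pem" "$dst/cert.pem" "$dst/req.pem"
    # Create the key file with owner-only permissions before anything is
    # written to it: an unencrypted key has no passphrase protecting it.
    ( umask 077; : > "$dst/key.pem" )
    awk -v dst="$dst" '
        /^-----BEGIN / {
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            kind = ""; state = "-"
            if (label ~ /PRIVATE KEY$/) {
                kind = "key"
                state = (label ~ /^ENCRYPTED/) ? "encrypted" : "plain"
            } else if (label ~ /CERTIFICATE REQUEST$/) {
                kind = "req"
            } else if (label == "CERTIFICATE") {
                kind = "cert"
            }
        }
        kind != "" {
            # Traditional (non-PKCS#8) encrypted keys carry this header.
            if (kind == "key" && $0 ~ /^Proc-Type: 4,ENCRYPTED/) state = "encrypted"
            print >> (dst "/" kind ".pem")
        }
        /^-----END / { if (kind != "") print kind, state; kind = "" }
    ' "$src"
    # No key block found: do not leave an empty key.pem behind.
    [ -s "$dst/key.pem" ] || rm -f "$dst/key.pem"
}

# Constructed sample: the key-plus-request layout the quoted man page
# describes for -newreq-nodes. Bodies are placeholders, not real keys.
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgS0VZ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgUkVR
-----END CERTIFICATE REQUEST-----
EOF
}
```

A "req" line in the output means the file holds a request that still has to be signed; a "cert" line means it already holds a certificate.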