gunwin

Reputation: 4832

Extracting certificate parts to sign file with OpenSSL

I wish to sign a .mobileconfig file using the following command:

openssl smime \
-sign \
-signer your-cert.pem \
-inkey your-priv-key.pem \
-certfile TheCertChain.pem \
-nodetach \
-outform der \
-in ConfigProfile.mobileconfig \
-out ConfigProfile_signed.mobileconfig

I have an SSL certificate which was requested and installed on my machine, and a code-signing certificate which was requested and installed on my machine.

Now which certificate should I be using (code signing or SSL?), and how do I get hold of the your-cert.pem, your-priv-key.pem and TheCertChain.pem files?

Visiting GoDaddy again just gives me a single .pem file, and I do not know which one that even is.

Running openssl x509 -in godaddy.pem -inform pem -noout -text on the .pem from GoDaddy gives the following:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Validity
            Not Before: Jun 29 17:06:20 2004 GMT
            Not After : Jun 29 17:06:20 2034 GMT
        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86:
                    ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0:
                    ****REMOVED FOR BREVITY****
                    58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf:
                    11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97:
                    1b:af
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D2:C4:****REMOVED FOR BREVITY****:A8:6A:D4:E3
            X509v3 Authority Key Identifier: 
                keyid:D2:C4:****REMOVED FOR BREVITY****D:A8:6A:D4:E3
                DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
                serial:00

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06:
         14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4:
         96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4:
         ****REMOVED FOR BREVITY****
         10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4:
         2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d:
         7f:db:bd:9f

Upvotes: 1

Views: 1218

Answers (1)

James Daniels

Reputation: 6981

You'll need to sign with your private key, cert, and chain.

your-cert.pem is the certificate that GoDaddy issued you.

your-priv-key.pem is the private key you generated on your keychain or on the command line to create the CSR.

TheCertChain.pem is GoDaddy's certificate chain; you can find that on their website.

FYI, here's example code on how I'm signing a .mobileconfig in Ruby: https://github.com/AppBlade/TestHub/blob/master/app/controllers/devices_controller.rb#L31

Upvotes: 1
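
One way to check which role each of the three PEM files plays before signing, as an added example that is not part of the question or the answer; the function names, the directory layout and the throwaway CA it generates are constructed for illustration. In the question's openssl x509 -text output, Issuer and Subject are identical and Basic Constraints is CA:TRUE, which is the case cert_role reports as root-ca.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): identify each PEM file's role
# before running the question's `openssl smime -sign` command.

# Print root-ca, intermediate-ca or leaf for one PEM certificate.
cert_role() {
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
    # A self-signed CA carries the same name as subject and issuer.
    if [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
         "$(openssl x509 -in "$1" -noout -issuer_hash)" ]; then
      echo root-ca
    else
      echo intermediate-ca
    fi
  else
    echo leaf
  fi
}

# Succeed only if private key $2 belongs to certificate $1.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# Sign $2 into $3 using the three files in directory $1; refuse a CA
# certificate as signer (exit 2) or a key that does not match it (exit 3).
sign_profile() {
  [ "$(cert_role "$1/your-cert.pem")" = leaf ] || return 2
  key_matches_cert "$1/your-cert.pem" "$1/your-priv-key.pem" || return 3
  openssl smime -sign -signer "$1/your-cert.pem" \
    -inkey "$1/your-priv-key.pem" -certfile "$1/TheCertChain.pem" \
    -nodetach -outform der -in "$2" -out "$3"
}

# Constructed test data: a throwaway CA and signer certificate in directory $1.
make_constructed_chain() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
    'prompt=no' '[dn]' 'CN=Constructed Test CA' '[v3]' \
    'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/ca.key" -out "$1/TheCertChain.pem" 2>/dev/null
  openssl req -new -config "$1/ca.cnf" -subj '/CN=Constructed Signer' \
    -newkey rsa:2048 -nodes -keyout "$1/your-priv-key.pem" \
    -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/TheCertChain.pem" \
    -CAkey "$1/ca.key" -CAcreateserial -days 1 \
    -out "$1/your-cert.pem" 2>/dev/null
}
```

The signed output can be checked with openssl smime -verify -inform der, passing the CA file via -CAfile.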
