Reputation: 3782
How to generate a proof of possesion for a X509 certificate using OpenSSL?
I need to generate a proof of possession, signing a verification code with my private key.
I did not find a question related to this, here in Stack Overflow, and I am not finding some reference on Internet. I am following this tutorial, but I want to use OpenSSL.
My verification code is related to a X509 certificate, like this:
7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1
Upvotes: 4
Views: 3653
Answers (1)
Reputation: 3782
I got the answer with the Azure support team.
I already had my root key and X509 cert, generated with the following command:
openssl req -x509 -newkey rsa:2048 -keyout root_private.pem -nodes -out root_cert.pem
Then, I needed to generate the verification cert...
Create verification key:
openssl genrsa -out verification.key 2048Create the verification cert:
openssl req -new -key verification.key -out verification.csr
When creating the verification cert, I need to specify the verification code obtained (7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1) as the "Common Name" certificate field.
Now, just create the proof of possession certificate with the following command:
openssl x509 -req -in verification.csr -CA root_cert.pem -CAkey root_private.pem -CAcreateserial -out verificationCert.pem -days 1024 -sha256
If I am not wrong, this last command signs the verification.csr, that has the verification code as the Common Name, with the root private key. At the end, the verificationCert.pem can be used as the proof of possession.
Upvotes: 9
Related Questions
- x509 certificate verification in C
- How to validate X509 certificate?
- Generate weak X509 certificate
- Programmatically Create X509 Certificate using OpenSSL
- How to verify a X509 certificate in C
- Create Self Signed Certificate with Subject Key Identifier
- OpenSSL X509 Verify Signature with CA
- verifying the signature of x509
- How to use X509_verify()
- How to generate SSL certificate with private key?