Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Step 1

Create a Self-Signed CA Request:
 
ucert -create request -request_file ca_req.pem -private_key_file ca_pkey.pem -country US -state GA -locality Alpharetta -organization Stonebranch -common_name Stonebranch

Step 2

Create a CA Certificate:
 
ucert -create cert -request_file ca_req.pem -private_key_file ca_pkey.pem -cert_file ca_cert.pem -ca yes -not_after_date +3650

Step 3

Create a Server Certificate Request:
 
ucert -create request -request_file ubr1_req.pem -private_key_file ubr1_pkey.pem -country US -state GA -locality Alpharetta -organization Stonebranch -common_name "l64agent"

Step 4

Create a Server Certificate:
 
ucert -create cert -ca_cert_file ca_cert.pem -request_file ubr1_req.pem -private_key_file ca_pkey.pem -cert_file ubr1_cert.pem -not_after_date +3650

Step 5

The following files are generated in Steps 1 - 4:

  • CA PKEY = ca_pkey.pem
  • CA CERT = ca_cert.pem
  • Server PKEY = ubr1_pkey.pem
  • Server CERT = ubr1_cert.pem

Step 6

Add Server CERT and PKEY to the target ubroker.conf:

  • certificate /home/test/ubr1_cert.pem
  • private_key /home/test/ubr1_pkey.pem

Step 7

Copy ca_cert.pem to the source server.

Step 8

Run the following command from the source server to test:
 
/opt/universal/bin/ucmd -host l64agent -userid test -pwd xxx -cmd "pwd" -level info -verify_host_name yes -ca_certs /home/test/ca_cert.pem

Step 9

Use Universal Certificate to print the certificate and verify the certificate serial number:
 
ucert -print cert -cert_file ubr1_cert.pem
 
See #Certificate Certificate, below.

Step 10

Run following command from the source server to test:
 
/opt/universal/bin/ucmd -host l64agent -userid test -pwd xxx -cmd "pwd" -level info -verify_host_name yes -ca_certs /home/test/ca_cert.pem -verify_serial_number 0x28c91a7fb2f26649

Anchor
Certificate
Certificate
Certificate

Panel


Html bobswift
<pre>
Certificate:
    Data:
        Version: 3 (0x2)
        <b>Serial Number:
            28:c9:1a:7f:b2:f2:66:49</b>
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=GA, L=Alpharetta, O=Stonebranch, CN=Stonebranch
        Validity
            Not Before: Feb  8 21:08:12 2016 GMT
            Not After : Feb  6 02:08:12 2026 GMT
        Subject: C=US, ST=GA, L=Alpharetta, O=Stonebranch, CN=l64agent
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:d9:30:22:5b:b4:62:5c:d9:26:4b:16:02:cc:22:
                    65:b8:ed:89:2d:6e:94:f8:b4:51:2c:1b:b7:5b:63:
                    74:ce:c5:05:a6:a9:52:47:f2:56:5e:58:cd:f8:c6:
                    a9:1d:54:a6:52:9f:5c:95:4f:27:db:bd:6f:ba:cc:
                    23:17:67:aa:3a:12:1b:21:97:32:ce:bf:22:c2:1c:
                    2d:4b:a5:c4:99:18:38:96:48:06:9b:2b:98:df:74:
                    e3:92:af:86:21:75:ed:77:86:63:af:a2:71:c4:0e:                                                                                                                                                         
                    a8:ac:1d:dc:26:65:b0:ed:b0:06:50:4b:da:e4:01:                                                                                                                                                         
                    7a:49:7e:9b:38:1d:c7:2d:57                                                                                                                                                                             
                Exponent: 3 (0x3)                                                                                                                                                                                         
        X509v3 extensions:                                                                                                                                                                                                 
            X509v3 Basic Constraints:                                                                                                                                                                                     
                CA:FALSE                                                                                                                                                                                                   
            X509v3 Subject Key Identifier:                                                                                                                                                                                 
                CA:8D:DB:15:B8:A9:42:EC:51:A2:B7:C3:19:76:F7:15:35:1D:C8:9E                                                                                                                                               
            X509v3 Authority Key Identifier:                                                                                                                                                                               
                DirName:/C=US/ST=GA/L=Alpharetta/O=Stonebranch/CN=Stonebranch                                                                                                                                             
                serial:79:19:7A:72:ED:D5:1F:7B                                                                                                                                                                             

            X509v3 Key Usage:                                                                                                                                                                                             
                Digital Signature, Non Repudiation, Key Encipherment                                                                                                                                                       
    Signature Algorithm: sha1WithRSAEncryption                                                                                                                                                                             
        b0:b3:0d:8c:06:fe:4a:b0:e8:46:fd:8f:d8:64:d1:5e:11:b3:                                                                                                                                                             
        68:43:34:28:08:4b:e0:62:39:c1:6c:06:76:f3:e5:9d:8c:4e:                                                                                                                                                             
        15:57:56:d7:bf:92:f3:cf:6a:c8:36:54:28:2d:f9:9f:ad:67:                                                                                                                                                             
        44:1a:2e:32:ad:8b:8a:a0:86:64:8d:73:a0:60:46:65:f0:62:                                                                                                                                                             
        1f:02:db:c7:7c:99:db:ad:5b:80:3e:e9:b2:88:19:23:15:e6:                                                                                                                                                             
        7a:1d:53:e3:51:60:2d:99:0c:20:08:5a:ae:0f:c8:d3:20:a4:                                                                                                                                                             
        31:91:8b:a7:c2:c8:7a:ab:6c:2d:18:7a:1e:95:4b:c0:3e:5f:
        f9:cf
</pre>