I use the following set of openssl commands to generate a client certificate:
# create key
openssl genrsa -out client.key -aes256 -passout pass:password 2048
# create client certificate request
openssl req -new -key client.key -out client.csr -subj '/C=UA/O=MyCompany/CN=MyName/emailAddress=test#example.com' -passin pass:password
# Sign client certificate request with intermediate CA private key
openssl x509 -req -in client.csr -CA interm_cert.pem -CAkey interm_key.pem -CAcreateserial -CAserial intermediateCA.srl -extensions usr_cert -extfile openssl.conf -out client.crt -days 3650 -sha256 -passin pass:password
# generate client pfx
openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt -certfile interm_cert.pem
# convert to pem
openssl pkcs12 -in client.pfx -out client.pem -nodes
Now, I need to replicate that using the jsrsasign library. Yes, I can easily create a key pair using KEYUTIL.generateKeypair and a certificate signing request, but this is as much as I could figure out so far, using the library reference.
Any help is greatly appreciated.
Related
I want to encrypt text with RSA using Public.pem and private.pem
I generated these files with openssl
openssl genrsa -out private.pem 2048
openssl rsa -pubout -in private.pem -out public.pem
I need to encrypt the text in JavaScript (I use this library) only for encryption.
This text in base64 is sent to the server in C#. I use RSACryptoServiceProvider, but I only saw that it is possible to load the public key with:
RSAParameters RSAParams = RSA.ExportParameters(false);
RSAParams.Modulus = privateKey;
RSA.ImportParameters(RSAParams);
But I need to use my own private.pem file to decrypt my text and use it after.
How can I make this?
I'm trying to provision devices through AWS IoT API calls. I have used the AWS CLI to get a CA certificate and I have also generated an X.509 certificate. Can anyone please guide me on how to create a Thing and attach a certificate through the SDK?
I have successfully used the API to create devices on AWS IoT Core by following these steps.
Using the CLI I made a CA certificate using an RSA key
openssl genrsa -out certs/rootCA.key 2048
openssl req -x509 -new -nodes -key certs/rootCA.key -sha256 -days 1024 -out certs/rootCA.pem
aws iot get-registration-code (registrationCode used later as a "Common Name")
openssl genrsa -out certs/verificationCert.key 2048
Then I created a CSR
openssl req -new -key certs/verificationCert.key -out certs/verificationCert.csr
openssl x509 -req -in certs/verificationCert.csr -CA certs/rootCA.pem -CAkey certs/rootCA.key -CAcreateserial -out certs/verificationCert.crt -days 500 -sha256
Registered the CA Certificate
aws iot register-ca-certificate --ca-certificate file://certs/rootCA.pem --verification-certificate file://certs/verificationCert.crt --allow-auto-registration
aws iot update-ca-certificate --certificate-id e3f0a30c3bbd4c9fdbb752cf2717fda21fbd2f8158e5dc0bb320c8bdbabf6295 --new-status ACTIVE
Then I used the verificationCert.csr for createCertificateFromCsr and used the certificateArn from the response in attachPolicy and attachThingPrincipal.
You can't connect a device to AWS IoT with an API if you are trying to use HTTPS. AWS IoT specifically requires the MQTT broker on AWS IoT Core. Are you using this with a device like an RPi?
I'm trying to get SSL https working on my nodejs server but the browser returns an ERR_SSL_PROTOCOL_ERROR
code:
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
// Create the Express app that both servers hand requests to
var app = express();
// TLS private key and certificate, read once at startup
var options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);
This will happen if your key isn't generated correctly.
A lot of places will tell you to do this:
openssl genrsa -out key.pem
That will not work if you're on a Mac, and instead you need to do this to make the key length 2048:
openssl genrsa -out key.pem 2048
In summary, do these steps to make a correct key on Mac:
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out client.csr
openssl x509 -req -in client.csr -signkey key.pem -out cert.pem
I'm using Node.js and trying to mimic the functionality of the following openssl command to generate a public key:
$> openssl ecparam -name prime256v1 -genkey -noout -out keys
$> openssl ec -in keys -pubout -out pubkey
The closest I have is:
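var crypto = require('crypto');
// createECDH returns the raw EC point, not a PEM-encoded public key
var ec = crypto.createECDH('prime256v1');
var pub = ec.generateKeys("base64");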
But this key is far shorter and doesn't work. Any ideas how I could mimic the functionality exactly?
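The key from `createECDH` is shorter because it is only the raw 65-byte curve point, while `openssl ec -pubout` writes that same point wrapped in a SubjectPublicKeyInfo (SPKI) structure and PEM-armored. The following added example (not part of the original post; the function names are chosen here for illustration) shows both the direct Node.js equivalent of the two openssl commands and how to wrap a raw ECDH point into the openssl-style PEM:

```javascript
const crypto = require('crypto');

// Fixed DER prefix of a P-256 SubjectPublicKeyInfo: AlgorithmIdentifier
// (id-ecPublicKey, prime256v1) plus the BIT STRING header for a 65-byte point.
const P256_SPKI_PREFIX = Buffer.from(
  '3059301306072a8648ce3d020106082a8648ce3d030107034200', 'hex');

// PEM-armor a DER buffer with 64-character base64 lines, as openssl does.
function derToPem(der, label) {
  const b64 = der.toString('base64').match(/.{1,64}/g).join('\n');
  return `-----BEGIN ${label}-----\n${b64}\n-----END ${label}-----\n`;
}

// Wrap the raw uncompressed point returned by createECDH().generateKeys()
// into the "PUBLIC KEY" PEM that `openssl ec -pubout` produces.
function rawPointToSpkiPem(rawPoint) {
  if (rawPoint.length !== 65 || rawPoint[0] !== 0x04) {
    throw new Error('expected a 65-byte uncompressed P-256 point');
  }
  return derToPem(Buffer.concat([P256_SPKI_PREFIX, rawPoint]), 'PUBLIC KEY');
}

// Direct equivalent of `openssl ecparam -genkey -noout` + `openssl ec -pubout`:
// SEC1 "EC PRIVATE KEY" PEM and SPKI "PUBLIC KEY" PEM.
function generateLikeOpenssl() {
  return crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    privateKeyEncoding: { type: 'sec1', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
}

// Demo: the raw ECDH point is exactly the tail of the SPKI encoding.
const ecdh = crypto.createECDH('prime256v1');
const raw = ecdh.generateKeys();            // Buffer, 65 bytes
const pem = rawPointToSpkiPem(raw);
const parsed = crypto.createPublicKey(pem); // throws if the PEM is malformed
console.log(raw.length, parsed.asymmetricKeyType);
console.log(pem);
```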
I used OpenSSL to generate a certificate with the following steps:
~/openssl genrsa -out server.key 2048
~/openssl req -new -x509 -key server.key -out server.crt -days 730
And then loaded these files into node.js
var https = require('https');
var fs = require('fs');
var express = require('express');
// Load the private key and self-signed certificate generated above
var privateKey = fs.readFileSync('./server.key', 'utf8');
var certificate = fs.readFileSync('./server.crt', 'utf8');
var credentials = {
  key: privateKey,
  cert: certificate
};
var app = express();
var httpsServer = https.createServer(credentials, app);
This way, my server was running as expected. But in Chrome, when I click View Site Information, it was saying that I use an "obsolete cipher suite".
So I checked Google's certificate, and it was saying a "modern cipher suite".
Only difference between my self-signed certificate and Google's was the Key Exchange Algorithm which was RSA on my side and ECDHE_ECDSA on Google's side.
So I decided to create a new certificate using:
~/openssl ecparam -name prime256v1 -genkey -param_enc explicit -out server.key
~/openssl req -new -x509 -key server.key -out server.crt -days 730
Files are created, and node.js gives no error about anything. But when I try to connect to server, my browser simply closes the connection (ERR_CONNECTION_CLOSED) with no indication of error on both server and client side.
I tried different private keys with different parameters but no luck. A simple error message somewhere would help a lot but I'm stuck for hours Googling about how to create Modern Ciphers, trying those out and end up having nothing.
So my question is, how am I supposed to create a self-signed strong/modern cipher (with openssl) that can work with Node.js https module?
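TLS clients such as browsers only negotiate EC keys identified by a named curve, so a key written with `-param_enc explicit` (the full curve parameters spelled out instead of the curve OID) is rejected during the handshake. The following added example (not part of the original post; function names are chosen here for illustration) tells the two encodings apart by reading the parameters field of a key's SubjectPublicKeyInfo, using keys generated in-process with Node's `paramEncoding` option as sample input:

```javascript
const crypto = require('crypto');

// Read one DER TLV header at offset `off`: tag, content start, content end.
function readTlv(buf, off) {
  const tag = buf[off];
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) {                    // long-form length: next n bytes
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[start + i];
    start += n;
  }
  return { tag, start, end: start + len };
}

// Classify the EC parameters inside a SubjectPublicKeyInfo DER buffer.
// SPKI ::= SEQUENCE { SEQUENCE { OID id-ecPublicKey, parameters }, BIT STRING }
function ecParamEncoding(spkiDer) {
  const spki = readTlv(spkiDer, 0);
  const algId = readTlv(spkiDer, spki.start);
  const algOid = readTlv(spkiDer, algId.start);
  const params = readTlv(spkiDer, algOid.end);
  if (params.tag === 0x06) return 'named';     // curve OID: usable for TLS
  if (params.tag === 0x30) return 'explicit';  // full ECParameters SEQUENCE
  return 'unknown';
}

// Constructed sample input: a fresh P-256 key with the requested encoding,
// mirroring `openssl ecparam -name prime256v1 -genkey [-param_enc explicit]`.
function generateSpki(paramEncoding) {
  const { publicKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    paramEncoding,
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'sec1', format: 'pem' },
  });
  return publicKey;
}

for (const enc of ['named', 'explicit']) {
  const der = generateSpki(enc);
  console.log(enc, '->', ecParamEncoding(der), `(${der.length} bytes of SPKI)`);
}
```

Generating the key without `-param_enc explicit` (the default is the named-curve encoding) produces the form that reports `named` here.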