HP Open Source Security for OpenVMS Volume 2:...
OpenSSL Command Line Interface

Creating a DH Parameter (Key) File and a DSA Certificate and Key  



To establish an SSL connection that uses DH for key exchange and DSA (DSS) for signing, your SSL application requires a DH parameter file and DSA certificates and keys. The Certificate Tool (described in Chapter 3) does not provide this functionality. However, the OpenSSL command-line utility allows you to create the required files.

The following lines demonstrate how to create the DH- and DSA-related files.

## Create a DH parameter file (key size is 1024 bits)
   $ openssl dhparam -outform PEM -out dhparam.pem 1024

## Create a DSA certificate

- Create DSA parameters (key size is 1024 bits)
   $ openssl dsaparam -out dsaparam.pem 1024

- Create a DSA CA certificate and private key (using the DSA parameters in dsaparam.pem)
   $ openssl req -x509 -newkey dsa:dsaparam.pem -keyout dsa_ca.key -out dsa_ca.crt -config SSL$CONF

- Create a DSA certificate signing request (dsa_cert.csr) and private key (dsa_cert.key)
   $ openssl req -out dsa_cert.csr -keyout dsa_cert.key -newkey dsa:dsaparam.pem -config SSL$CONF

- Sign the certificate signing request with the DSA CA certificate and create a new certificate
   $ openssl ca -in dsa_cert.csr -out dsa_cert.crt -config SSL$CA_CONF
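The DSA steps above can be followed by a check that the issued certificate actually chains to the new CA. The script below is an added example, not part of the original HP documentation: it runs the same `dsaparam`, `req` and `ca` steps in a POSIX shell rather than DCL and then calls `openssl verify`. The file `demo.cnf` (standing in for SSL$CONF and SSL$CA_CONF), the subject names, the scratch directory and the `-nodes`, `-batch` and `-notext` options are assumptions made so that it runs without prompts.

```shell
#!/bin/sh
# Added example: the page's DSA steps on a POSIX system, then a chain check.
# 1024 bits mirrors the page; NIST SP 800-131A sets 2048 bits as the minimum.
set -eu

build_dsa_chain() {
    dir=$1
    mkdir -p "$dir/newcerts"; : > "$dir/index.txt"; echo 01 > "$dir/serial"
    # Constructed minimal config covering both the req and the ca commands
    cat > "$dir/demo.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
certificate = $dir/dsa_ca.crt
private_key = $dir/dsa_ca.key
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    openssl dsaparam -out "$dir/dsaparam.pem" 1024
    # Self-signed DSA CA certificate and key (-nodes: unencrypted key, demo only)
    openssl req -x509 -newkey "dsa:$dir/dsaparam.pem" -nodes -sha256 -days 30 \
        -subj "/CN=Example DSA CA" -config "$dir/demo.cnf" \
        -keyout "$dir/dsa_ca.key" -out "$dir/dsa_ca.crt"
    # Certificate signing request and key for the server certificate
    openssl req -newkey "dsa:$dir/dsaparam.pem" -nodes -sha256 -subj "/CN=server.example" \
        -config "$dir/demo.cnf" -keyout "$dir/dsa_cert.key" -out "$dir/dsa_cert.csr"
    # Sign the request with the DSA CA
    openssl ca -batch -notext -config "$dir/demo.cnf" \
        -in "$dir/dsa_cert.csr" -out "$dir/dsa_cert.crt"
}

# Prints "<path>: OK" and returns 0 only if the certificate chains to the CA
verify_dsa_chain() {
    openssl verify -CAfile "$1/dsa_ca.crt" "$1/dsa_cert.crt"
}

workdir=$(mktemp -d)
build_dsa_chain "$workdir" && verify_dsa_chain "$workdir"
```

On OpenVMS, a generated DH parameter file can be checked in the same spirit with `openssl dhparam -in dhparam.pem -check -noout`.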
