cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Digital Signatures and certificates

Former Member

on ‎03-14-2008 3:12 PM

0 Kudos

We are using Cerificates for signing and encrypting EDI messages. From SAP KEY Store in Visual Admin, we are able to create Certifactes ( Public key) based on MD5 hash. But one of our retail cusotomers is insisting for SHA1 based certicates. So we need to generate the key pair outside SAP. I am looking for a tool to create this key pair. I had a brief look at OPENSSL. Does anybody have a document on using OPENSSL tool ?

cheers

Ramesh

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-14-2008 3:30 PM
0 Kudos

I have seen that link. It does not tell me how to instal the OPENSSL software. It looks like OPEN SSL runs only on LINUX or UNIX. So if you are using Windows environment to generate Cerifcates, you need another emulation software.

Show replies
Show replies
Former Member
‎04-07-2008 3:52 PM
0 Kudos

Open SSL can easily be installed on Windows and is run via Dos.

In order to create keys you first create a key using a command similar to this

c:\openssl-0.9.7a\out\openssl genrsa -out myprivatekey.key 2048

which creates a 2048 bit key (may be illegal in the USA which restricts the size of a key)

You then create a Certificate Signing Request (CSR) using something like the following

c:\openssl-0.9.7a\out\openssl req -config myconfig.conf -new -key myprivatekey.key -out mysignaturerequest.csr

A simple config file looks like this

RANDFILE = c:/temp/testcertificates/.rnd

[ req ]

default_bits = 2048

default_keyfile = privkey.pem

distinguished_name = req_distinguished_name

attributes = req_attributes

prompt = no

output_password = password

[ req_distinguished_name ]

C = Country

ST = City

L = Street

O = JESSICA_ALBA

OU = JESSICA_ALBA

CN = JESSICA_ALBA

[ req_attributes ]

challengePassword = password

[ v3_req ]

basicConstraints = CA:FALSE

keyUsage = digitalSignature, keyEncipherment

  1. end of sample config file

Send your CSR to a Certificate Authority.

A lot of Certificate Authoritiies do all of this for you enabling you to create your key and csr via their web site.

There's a wealth of information available via google on Open SSL, but have a strong coffee first ;o)

Good luck,

John

Former Member
‎03-14-2008 3:15 PM
0 Kudos

Ramesh,

Please check this:

http://www.openssl.org/docs/HOWTO/

Regards,

---Satish

Show replies
Show replies
Ask a Question