Thawte certificate with own private key: Difference between revisions

No edit summary
 
mNo edit summary
Line 5: Line 5:
[http://cuckoo.com/daniel/thawte/openssl_private_key_macosx.phpDaniel Baker <dbaker@cuckoo.com>]:
[http://cuckoo.com/daniel/thawte/openssl_private_key_macosx.phpDaniel Baker <dbaker@cuckoo.com>]:


* Generate your private key: openssl genrsa -des3 -out mail.key 1024
#'''Generate your private key: openssl genrsa -des3 -out mail.key 1024'''
<pre><nowiki>
wolfm@wolftux:~/thawte> openssl genrsa -aes256 -out mail.key 2048
wolfm@wolftux:~/thawte>
openssl genrsa -aes256 -out mail.key 2048
Generating RSA private key, 2048 bit long modulus
Generating RSA private key, 2048 bit long modulus
.......+++
.......+++
...+++
...+++
e is 65537 (0x10001)
e is 65537 (0x10001)
Enter pass phrase for mail.key:
Enter pass phrase for mail.key: ***your secret***
Verifying - Enter pass phrase for mail.key:
Verifying - Enter pass phrase for mail.key: ***your secret***
</nowiki></pre>
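Review bot: The step label still reads `openssl genrsa -des3 -out mail.key 1024`, while the session added beneath it runs `openssl genrsa -aes256 -out mail.key 2048`. Update the label to match the command actually shown, so readers do not copy the 1024-bit 3DES variant from the heading. In the unchanged link line above, a space is missing between the URL and the label (`...macosx.phpDaniel Baker`), so "Daniel" becomes part of the URL and the rendered credit reads only "Baker".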

Revision as of 08:43, 1 December 2005

Any certification authority such as Thawte may have the chance to see and store your private key, which is not what you would prefer. A basic understanding of how public key infrastructure with X.509 certificates (for S/MIME e-mail encryption) works is assumed.

If you want to have your name in the Thawte certificate, you have to pass the web of trust procedure to demonstrate that the notaries believe your name to be authentic, not just your e-mail address. (See details here.) If you have accumulated enough trust points, you can start the following procedure from Daniel Baker <dbaker@cuckoo.com>:

  1. Generate your private key: openssl genrsa -des3 -out mail.key 1024
wolfm@wolftux:~/thawte> openssl genrsa -aes256 -out mail.key 2048
Generating RSA private key, 2048 bit long modulus
.......+++
...+++
e is 65537 (0x10001)
Enter pass phrase for mail.key: ***your secret***
Verifying - Enter pass phrase for mail.key: ***your secret***
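
A check to run on the key file once it has been generated, confirming that it is stored pass-phrase protected and that its modulus is at least 2048 bits. This is an added example, not part of the original page or of Daniel Baker's procedure; the helper names and the KEY_PASS environment variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit an RSA key file such as mail.key after generating it.
# Helper names and the KEY_PASS variable are assumptions of this example.

# Succeeds when the PEM file is pass-phrase protected.
key_is_encrypted() {
    # Traditional PEM marks encryption with "Proc-Type: 4,ENCRYPTED";
    # PKCS#8 output (OpenSSL 3.x default) uses an ENCRYPTED PRIVATE KEY header.
    grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Prints the modulus size in bits. The pass phrase is read from the
# KEY_PASS environment variable so it never appears in the process list.
key_bits() {
    openssl rsa -in "$1" -passin env:KEY_PASS -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# audit_key FILE [MIN_BITS]
# Returns 0 if acceptable, 1 if stored unencrypted, 2 if the modulus is
# shorter than MIN_BITS (default 2048), 3 if the key cannot be read.
audit_key() {
    min=${2:-2048}
    key_is_encrypted "$1" || { echo "$1: not pass-phrase protected"; return 1; }
    bits=$(key_bits "$1")
    [ -n "$bits" ] || { echo "$1: unreadable or wrong pass phrase"; return 3; }
    [ "$bits" -ge "$min" ] || { echo "$1: $bits-bit modulus, want >= $min"; return 2; }
    echo "$1: encrypted, $bits-bit modulus"
}
```

Export KEY_PASS in the shell before calling `audit_key mail.key`; a key made with the older `-des3 ... 1024` form is reported with return code 2.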