Thawte certificate with own private key

Revision as of 08:31, 1 December 2005 by Wolfm (talk | contribs)

Any certification authority, such as Thawte, may have the chance to see and store your private key, which is not what you want. This page assumes a basic understanding of how public key infrastructure with X.509 certificates (for S/MIME e-mail encryption) works.

If you want to have your name in the Thawte certificate, you have to pass the web of trust procedure to demonstrate that the notaries believe your name to be authentic, not just your e-mail address. (See details here.) Once you have accumulated enough trust points, you can start the following procedure from Baker <dbaker@cuckoo.com>:

  • Generate your private key: openssl genrsa -des3 -out mail.key 1024

    wolfm@wolftux:~/thawte> openssl genrsa -aes256 -out mail.key 2048
    Generating RSA private key, 2048 bit long modulus
    .......+++
    ...+++
    e is 65537 (0x10001)
    Enter pass phrase for mail.key:
    Verifying - Enter pass phrase for mail.key:
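
A check one might run after this step, as an added example that is not part of the original page or of Baker's procedure: it generates the key locally with the parameters from the terminal session above and confirms that the file is passphrase-encrypted, readable only by its owner, and at least 2048 bits. The function names, the `KEY_PASS` variable and the scratch directory are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and KEY_PASS are assumptions, not from the page.

# gen_key FILE BITS: create an AES-256 encrypted RSA key, passphrase from $KEY_PASS.
gen_key() {
    # umask in a subshell so the key is created 0600 without changing the caller
    ( umask 077 && openssl genrsa -aes256 -passout env:KEY_PASS -out "$1" "$2" ) 2>/dev/null
}

# True if the PEM is encrypted (PKCS#8 header, or the traditional Proc-Type line).
is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# True if only the owner can read or write the key file.
owner_only() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# True if the key cannot be opened with a wrong passphrase.
rejects_wrong_pass() {
    ! openssl rsa -in "$1" -passin pass:wrong-guess -noout >/dev/null 2>&1
}

# Print the modulus size in bits (each hex digit of the modulus is 4 bits).
key_bits() {
    hex=$(openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null) || return 1
    hex=${hex#Modulus=}
    echo $(( ${#hex} * 4 ))
}

# check_key FILE MIN_BITS: all of the above in one call.
check_key() {
    is_encrypted "$1" && owner_only "$1" && rejects_wrong_pass "$1" &&
        [ "$(key_bits "$1")" -ge "$2" ]
}

# Demo in a scratch directory with a throwaway passphrase (constructed value).
export KEY_PASS='demo-only-passphrase'
dir=$(mktemp -d)
if gen_key "$dir/mail.key" 2048 && check_key "$dir/mail.key" 2048; then
    echo "mail.key: encrypted, mode 0600, $(key_bits "$dir/mail.key") bits"
else
    echo "mail.key: check failed" >&2
fi
rm -rf "$dir"
```

In real use, type the passphrase at the interactive prompt as in the session above rather than exporting it; `KEY_PASS` is exported here only so the example runs unattended.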