Thawte certificate with own private key: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
mNo edit summary |
||
| Line 5: | Line 5: | ||
[http://cuckoo.com/daniel/thawte/openssl_private_key_macosx.phpDaniel Baker <dbaker@cuckoo.com>]: |
[http://cuckoo.com/daniel/thawte/openssl_private_key_macosx.phpDaniel Baker <dbaker@cuckoo.com>]: |
||
#'''Generate your private key: openssl genrsa -des3 -out mail.key 1024''' |
|||
<pre><nowiki> |
|||
| ⚫ | |||
wolfm@wolftux:~/thawte> |
|||
| ⚫ | |||
Generating RSA private key, 2048 bit long modulus |
Generating RSA private key, 2048 bit long modulus |
||
.......+++ |
.......+++ |
||
...+++ |
...+++ |
||
e is 65537 (0x10001) |
e is 65537 (0x10001) |
||
Enter pass phrase for mail.key: |
Enter pass phrase for mail.key: ***your secret*** |
||
Verifying - Enter pass phrase for mail.key: |
Verifying - Enter pass phrase for mail.key: ***your secret*** |
||
</nowiki></pre> |
|||
Revision as of 08:43, 1 December 2005
Any certification authority such as Thawte may have the chance to see and store your private key, which is not a the way you prefer. It is assumed a basic understanding of how public key infrastructure with X.509 certificates (for S/MIME e-mail encryption) works.
If you want to have your name in the Thawte Certificate you have to pass the web of trust procedure to demonstarate that the notaries believe your name to be authentic, not just your e-mail address. (See details here.) If you have accumulated enough trustpoints you can start the following procedure from Baker <dbaker@cuckoo.com>:
- Generate your private key: openssl genrsa -des3 -out mail.key 1024
wolfm@wolftux:~/thawte> openssl genrsa -aes256 -out mail.key 2048 Generating RSA private key, 2048 bit long modulus .......+++ ...+++ e is 65537 (0x10001) Enter pass phrase for mail.key: ***your secret*** Verifying - Enter pass phrase for mail.key: ***your secret***