I do now. I installed the NSS command line tools via yum ("yum install nss-tools").
This is how I created the certificate database and imported the CA's certificate, marking it as trusted for web sites in the process:

[ec2-user@ssltest ~]$ mkdir ~/ssl_dir
[ec2-user@ssltest ~]$ export SSL_DIR=~/ssl_dir
[ec2-user@ssltest ~]$ certutil -N -d ~/ssl_dir
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
[ec2-user@ssltest ~]$ certutil -A -n ca -i ~/ca/ca.crt -t TC -d ~/ssl_dir
[ec2-user@ssltest ~]$ certutil -L -d ~/ssl_dir
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
ca                                                           CT,,
[ec2-user@ssltest ~]$ curl https://ssltest.oracleateam.com/
Index page.

Then I imported the client certificate, turned cert verification back on and tested again:

[ec2-user@ssltest ~]$ pk12util -i ~/ca/tester.p12 -d ~/ssl_dir
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
[ec2-user@ssltest ~]$
[ec2-user@ssltest ~]$ certutil -L -d ~/ssl_dir
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
ca                                                           CT,,
tester                                                       u,u,u
[ec2-user@ssltest ~]$ curl -E tester:ABcd1234 https://ssltest.oracleateam.com/
Index page.

Notice how I used the p12 file? Yeah, good thing I updated my CA script to generate that file too!
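
The Trust Attributes column in the `certutil -L` listings above determines what each entry in the database is trusted for. The following is an added example, not part of the original post: a shell function that parses such a listing and reports each nickname's role. The function names, role labels and the "Old Intermediate" entry are constructed for illustration; the flag meanings follow the certutil documentation.

```shell
#!/bin/sh
# Added example: audit the Trust Attributes column of `certutil -L -d DIR`.
# Flag meanings per the certutil documentation (first group = SSL):
#   C = trusted CA for server certs, T = trusted CA for client certs,
#   P = trusted peer, u = user cert (private key is in the database).

# Constructed sample; "Old Intermediate" is not on the page.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ca                                                           CT,,
tester                                                       u,u,u
Old Intermediate                                             ,,
'

# Reads a listing on stdin, prints: nickname <TAB> SSL flags <TAB> roles
nss_trust_audit() {
  awk '
    # Data lines end in three comma-separated flag groups; headers do not.
    NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
      nick = $0
      sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # strip flags; keeps inner spaces
      sub(/^[ \t]+/, "", nick)
      split($NF, g, ",")
      ssl = g[1]; role = ""
      if (ssl ~ /C/) role = role " server-ca"
      if (ssl ~ /T/) role = role " client-ca"
      if (ssl ~ /P/) role = role " trusted-peer"
      if (ssl ~ /u/) role = role " user-key"
      if (role == "") role = " untrusted"
      printf "%s\t%s\t%s\n", nick, (ssl == "" ? "-" : ssl), substr(role, 2)
    }'
}

# Usage: certutil -L -d DIR | nss_has_role NICKNAME ROLE   (exit 0 if held)
nss_has_role() {
  nss_trust_audit | awk -F '\t' -v n="$1" -v r="$2" '
    $1 == n && index(" " $3 " ", " " r " ") { found = 1 }
    END { exit !found }'
}

printf '%s' "$SAMPLE_LISTING" | nss_trust_audit
```

Against a real database, pipe `certutil -L -d ~/ssl_dir` into `nss_trust_audit` and check that only the CAs you imported deliberately show up as `server-ca`.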