Menu
We're trying to implement some functionality of a Web-Service from one of our partners. Now, the content which is beeing transmitted, should be encrypted with a public key, which we have to provide.
The security-specification says that the public-certificate has to be X.509 standard. Doesn't X.509 rely on the private / public key method? Because I only get one .pem file, containing a private key, and a certificate, but no public key, using the following command:
openssl req -new -x509 -days 365 -nodes -out ./cert.pem -keyout ./cert.pem Do I have to modify the command in order to create a private and a public key?
375
An X. 509 certificate consists of two keys, namely a public key and a private key. This key pair, depending upon the application, allows you to sign documents using the private key so that the intended person can verify the signature using the public key related to it.
First, we create a file (e.g. file name x509. ext ), in which the x509 extensions are defined. There are two sections – the one for the CA and the one for server certificates. After that, we create the CA and the server certificates.
509 certificate is that it is architected using a key pair consisting of a related public key and a private key. Applied to cryptography, the public and private key pair is used to encrypt and decrypt a message, ensuring both the identity of the sender and the security of the message itself.
An X. 509 (also called digital) certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed.
The basics command line steps to generate a private and public key using OpenSSL are as follow
openssl genrsa -out private.key 1024 openssl req -new -x509 -key private.key -out publickey.cer -days 365 openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer Step 1 – generates a private key
Step 2 – creates a X509 certificate (.cer file) containing your public key which you upload when registering your private application (or upgrading to a partner application).
Step 3 – Export your x509 certificate and private key to a pfx file. If your chosen wrapper library uses the .pem file to sign requests then this step is not required.
Hope that helps! This answer explains the different file extensions.
190
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
