Thursday, August 25, 2016

Steps Taken for Creating a Self-Signed Certificate targeted for SOLiD with OpenSSL

[1] Modify /etc/ssl/openssl.cnf

[2] Add under [ v3_ca ] the line:
subjectAltName=URI:'http://bshambaugh.org/profile#me'

basicConstraints = CA:false


[3] openssl genrsa 2048 > localhost.key

[4] openssl req -new -x509 -nodes -sha256 -days 3650 -key localhost.key -subj '/O=WebID/CN=Brent Shambaugh/' > localhost.crt


[5] openssl x509 -noout -text -in localhost.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12316411301973396186 (0xaaecaed2f1bb0ada)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=WebID, CN=Brent Shambaugh
        Validity
            Not Before: Aug 25 15:07:43 2016 GMT
            Not After : Aug 23 15:07:43 2026 GMT
        Subject: O=WebID, CN=Brent Shambaugh
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BB:34:0C:42:38:F8:8E:A1:E7:D7:B9:05:30:2B:BF:49:AD:74:4C
            X509v3 Authority Key Identifier:
                keyid:35:BB:34:0C:42:38:F8:8E:A1:E7:D7:B9:05:30:2B:BF:49:AD:74:4C

            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                URI:http://bshambaugh.org/profile#me
    Signature Algorithm: sha256WithRSAEncryption

------------
Inspiration: http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl
Reference: https://tools.ietf.org/html/rfc5280

-------------------

The idea is to embed this in the PHP exec() or shell_exec() function. If this does not work satisfactorily, or if Node.js is desired instead, try https://www.npmjs.com/package/webid
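
The steps above collected into one script, as an added example that is not code from the original post: it writes a private config instead of editing /etc/ssl/openssl.cnf, puts the subject in that config rather than in -subj, and validates the WebID URI and name first, which matters when the values arrive through PHP exec() or shell_exec(). The function names and the temporary config file are assumptions; the output file names follow the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Allow only http(s) URIs built from a conservative character set. Quotes,
# spaces, newlines and shell metacharacters are rejected, so the value can be
# written into an OpenSSL config file without being reinterpreted.
valid_webid_uri() {
    case $1 in *[!A-Za-z0-9:/.#_~-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^https?://[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._~/-]*)?(#[A-Za-z0-9._~-]+)?$'
}

# Common name: non-empty; letters, digits, spaces, dots and hyphens only.
valid_name() {
    case $1 in ''|*[!A-Za-z0-9\ .-]*) return 1 ;; esac
}

# Write a private config so the system-wide openssl.cnf stays untouched.
# The single quotes around the URI keep "#me" from being read as a comment.
# $1 = WebID URI, $2 = common name, $3 = config path to create
write_webid_cnf() {
    valid_webid_uri "$1" && valid_name "$2" || return 1
    cat > "$3" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_webid
[ dn ]
O  = WebID
CN = $2
[ v3_webid ]
basicConstraints = CA:false
subjectAltName   = URI:'$1'
EOF
}

# $1 = WebID URI, $2 = common name, $3 = existing output directory
make_webid_cert() {
    cnf=$(mktemp) || return 1
    if write_webid_cnf "$1" "$2" "$cnf"; then
        # umask 077 keeps the private key readable by its owner only.
        ( umask 077; openssl genrsa -out "$3/localhost.key" 2048 2>/dev/null ) &&
        openssl req -new -x509 -sha256 -days 3650 -config "$cnf" \
            -key "$3/localhost.key" -out "$3/localhost.crt"
        rc=$?
    else
        rc=1
    fi
    rm -f "$cnf"
    return "$rc"
}
```

Call it as `make_webid_cert 'http://bshambaugh.org/profile#me' 'Brent Shambaugh' .` and check the result with the command from step [5].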

Wednesday, August 24, 2016

Question about creating a certificate for SOLiD

I'm trying to use PHP to create a certificate for SOLiD. It is not immediately clear to me how to set things other than the distinguished name. I'm after "subject alternative name" etc. I see it here with openssl (http://blog.endpoint.com/2014/10/openssl-csr-with-alternative-names-one.html) but not with PHP (http://php.net/manual/en/ref.openssl.php). The functionality may not be built into PHP. I may need to use the exec or shell_exec PHP function.

Also see: http://stackoverflow.com/questions/29861501/using-exec-with-php-to-run-a-command