I would like to keep the same public key after certificate renewal using Cert Manager!
Hope that there is a solution for this issue!
Thanks
I am working with some XYZ API provider.
What they are asking is the following:
Certificate with 4096 bits public key for encryption (.pem or .cer format)
SSL certificate for sending callback response on call back URL.
I generated the self-signed SSL certificate using OpenSSL & shared with them along with the private key (I know we shouldn't). They asked me to share a valid public key & SSL certificate.
I even generated a certificate & private key on DigiCert, but couldn't figure out how to generate a public key for SSL Certificate.
Can anyone kindly suggest how to generate Public key & private key for the SSL Certificate?
Kindly also suggest if I can use Comodo or DigiCert to generate a public key for the SSL certificate?
An SSL Certificate is a public key verified and signed by a Certificate Authority. You generate a public/private key pair, then from that generate a Certificate Signing Request (which includes the public key), which you send to the CA. It then signs that public key included in the CSR producing the certificate which it sends back to you. See also here.
It sounds like you already have this though, so you'd need to clarify what you're trying to achieve. It sounds like it may be a client authentication / mutual authentication scenario? If so, it depends on what the service provider requires - certificates for client authentication may need to be signed either by a public authority that the server trusts, or by the server itself.
I'm new to setting up SSL for curl. We were given a .cer file and the admin created a private.key. When we tried to associate the .cer with the private.key, the moduli don't match. Is there a way to correct this? It would be easier to recreate the private.key with the proper modulus, but I'm unsure how to do this without wrecking the OpenSSL configuration.
Any assistance would be appreciated!
Tom
Something wrong with the process here. You can't be just 'given' a certificate and then create a private key for it. The process goes like this:
1. You create a private key.
2. You create a certificate signing request (CSR).
3. You submit the CSR to some certificate authority (CA).
4. They verify your identity and then issue you a signed certificate.
The CSR and the signed certificate both contain the public key corresponding to the private key you first created.
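The check behind "the moduli don't match", as an added example that is not part of the original posts: it fingerprints the public key inside a private key, a CSR and a certificate and reports whether they belong together. It assumes the `openssl` CLI is on the PATH; file names and the subject are constructed, the certificate is self-signed to stand in for the CA step, and 2048-bit keys are used only to keep the run short.

```shell
#!/bin/sh
# Added example; file names and the subject are constructed for illustration.

# Print the SHA-256 of the PEM public key found in a key, CSR or certificate.
# $1 = key|csr|cert, $2 = path. Fails instead of hashing empty output.
pubkey_fp() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    pem= ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 only when key ($1), CSR ($2) and certificate ($3) share one public key.
same_keypair() {
    k=$(pubkey_fp key "$1") && r=$(pubkey_fp csr "$2") && c=$(pubkey_fp cert "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

demo() {
    d=$(mktemp -d) || return 1
    # Correct order: key first, then a CSR from that key, then the certificate.
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null
    openssl req -new -key "$d/a.key" -subj "/CN=callback.example.test" -out "$d/a.csr"
    # Self-signing stands in for the CA step so the example runs offline.
    openssl x509 -req -in "$d/a.csr" -signkey "$d/a.key" -days 1 -out "$d/a.crt" 2>/dev/null
    # A key created afterwards, as in the question: it cannot match the certificate.
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null
    same_keypair "$d/a.key" "$d/a.csr" "$d/a.crt" && r1=match || r1=mismatch
    same_keypair "$d/b.key" "$d/a.csr" "$d/a.crt" && r2=match || r2=mismatch
    rm -rf "$d"
    echo "$r1 $r2"
}
demo
```

A mismatch means the certificate was issued for a different key; the private key that produced the original CSR is the only one that will ever match it.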
Public and private-key pair will be generated during the creation of CSR on our server. We will send the CSR and public key to CA by holding private key with us. CA will validate our public key before signing it with private key of CA's root certificate. We are having our own CA team to certify the CSR requests. My queries are as follows:
1. Will CSR itself include public key or do we need to provide public key separately to CA?
2. Will CSR be signed by our public key before sending it to CA (or) CSR hold public key besides it?
3. Will CA sign only over CSR (or) on the combined set of CSR + public key?
4. Should we install CA's root and intermediate certs in our trust store both on the client and server side, since we are using our own CA instead of Global CA?
5. When we are presenting server certificate to client, will that cert include public key of server?
6. Should we install the server's public key in the truststore of clients for encryption purpose?
Thanks for the help, in advance.
> Will CSR itself include public key or do we need to provide public key separately to CA?
The public key is inside the CSR.
> Will CSR be signed by our public key before sending it to CA (or) CSR hold public key besides it?
The CSR is signed by your key. The public key is not enough; the private key is needed for signing.
> Will CA sign only over CSR (or) on the combined set of CSR + public key?
The CA will extract the information from the CSR including the public key and sign it. It will not sign the CSR itself.
> Should we install CA's root and intermediate certs in our trust store both on the client and server side, since we are using our own CA instead of Global CA?
Only the root needs to be stored at the client as trust anchor. The intermediate certs should be sent by the server together with the server's certificate inside the SSL handshake.
> When we are presenting server certificate to client, will that cert include public key of server?
Yes, a certificate is the public key and additional information like subject (hostname).
> Should we install the server's public key in the truststore of clients for encryption purpose?
No. The client will get the certificate during the SSL handshake. You only want to know about the server's certificate or public key before doing the handshake if you use certificate pinning.
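The answers above carried through with a private CA, as an added example that is not part of the original posts: a root signs an intermediate, the intermediate issues a server certificate from a CSR, and the client verifies with only the root as trust anchor. It assumes the `openssl` CLI is on the PATH; all file names, subjects and the `ca.cnf` config are constructed.

```shell
#!/bin/sh
# Added example; names, subjects and ca.cnf are constructed for illustration.

# Build root -> intermediate -> server chain in directory $1 (runs in a subshell).
build_chain() (
    cd "$1" || exit 1
    # Minimal config so the CA certificates get basicConstraints CA:TRUE.
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
    for n in root int server; do openssl genrsa -out "$n.key" 2048 2>/dev/null || exit 1; done
    # Self-signed root: the only certificate clients install as trust anchor.
    openssl req -x509 -new -key root.key -config ca.cnf -extensions v3_ca \
        -subj "/CN=Constructed Root CA" -days 1 -out root.crt || exit 1
    # Each CSR carries the requester's public key and is signed with its private key.
    openssl req -new -key int.key -config ca.cnf -subj "/CN=Constructed Intermediate CA" -out int.csr || exit 1
    openssl req -new -key server.key -config ca.cnf -subj "/CN=server.example.test" -out server.csr || exit 1
    # The CA copies subject and public key out of the CSR into a certificate it signs.
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -extfile ca.cnf -extensions v3_ca -days 1 -out int.crt 2>/dev/null || exit 1
    openssl x509 -req -in server.csr -CA int.crt -CAkey int.key -CAcreateserial \
        -days 1 -out server.crt 2>/dev/null
)

# CSR self-signature check: shows the requester holds the matching private key.
csr_ok() { openssl req -in "$1" -verify -noout >/dev/null 2>&1; }

# Client-side verification: $1 = trusted root, $2 = server certificate,
# $3 = intermediate as sent in the handshake (may be empty).
chain_ok() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo() {
    d=$(mktemp -d) && build_chain "$d" || return 1
    csr_ok "$d/server.csr" && a=csr-ok || a=csr-bad
    chain_ok "$d/root.crt" "$d/server.crt" "$d/int.crt" && b=chain-ok || b=chain-fail
    # Server forgot to send the intermediate: the client cannot build the chain.
    chain_ok "$d/root.crt" "$d/server.crt" "" && c=chain-ok || c=chain-fail
    rm -rf "$d"
    echo "$a $b $c"
}
demo
```

The last check is the common deployment failure: the root is trusted, but the server did not supply the intermediate, so verification fails.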
Amazon CloudFront is giving me errors, either my private key doesn't match my public key certificate or my public key certificate cannot be parsed as it's invalid.
Using GoDaddy for my SSL certificate middle man/provider, I got a:
.pem whose contents begin with "-----BEGIN RSA PRIVATE KEY-----"
(I'm assuming that's my private key)
Inside GoDaddy I am able to download some certs for the SSL, they are:
.crt (type = Security Certificate)
.p7b (type = PKCS #7 Certificate)
Is one of the above my public key? Or is there another way I am supposed to get my public key?
I have encountered this issue before with bad CSR Request.
According to GoDaddy:
To install a digital certificate, you must first generate and submit a Certificate Signing Request (CSR) to the Certification Authority (CA). The CSR contains your certificate-application information, including your public key. Use your Web server software to generate the CSR, which will also create your public/private key pair used for encrypting and decrypting secure transactions.
http://support.godaddy.com/help/article/5343/generating-a-certificate-signing-request
It also states: NOTE: When generating your CSR, specify a key size of 2048 or higher.
The key size is sometimes the culprit. Hope it helps.
I am new to Cryptography, HTTPS and SSL!!!
If I am not wrong, the private key of an End Entity certificate (certificate issued by trusted CA like Verisign) is used to decrypt the information sent by the client!
But does a root certificate also have a Private Key?
If Yes, then I wanted to know where exactly the private key of a root certificate is used?
What happens if it is leaked?
> If I am not wrong, the private key of an End Entity certificate (certificate issued by trusted CA like Verisign) is used to decrypt the information sent by the client
You are wrong. It isn't. The peer's own private key is used to sign the certificate so the client can verify that the peer owns the certificate he presents, and the private key of signing certificates is used to, err, sign certificates.
The root certificate's private key is (normally) only used to sign the intermediate certificates. Compromising it allows you to create new intermediate certificates, and by extension, certificates for any domain.
A root certificate is the top-most certificate of the tree, the private key of which is used to "sign" other certificates. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate - a signature by a root certificate is somewhat analogous to "notarizing" an identity in the physical world. If you knew the private key, you could create new (counterfeit) certificates.