CIC allows you to use certificates for encryption and signing. You can either generate them using CIC (see Generating Keys and Certificates) or generate them outside of CIC. If you generate them outside, you must import them into CIC. This article contains an example of how to create certificates you can use in CIC. There are other methods to create certificates, and this is not an endorsement of this method of creating certificates over any other.
Example: Using OpenSSL
You can use OpenSSL (an open-source, free-to-use toolkit for TLS and SSL protocols) to create self-signed certificates. Visit https://www.openssl.org/ for more information about OpenSSL.
Here's an example of how to use OpenSSL to create a self-signed X.509 v3 certificate (public certificate and private key pair) with an RSA 2048-bit key, a SHA-256 signature algorithm, common key usage attributes, and an expiration date in 2 years.
- Create a text file, openssl.cnf, as shown below. This file is used by the command you enter to generate the certificate.
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = IL
L = Chicago
OU = MyDivision
O = MyCompany
emailAddress = me@mycompany.com
CN = www.company.com
[v3_req]
keyUsage = digitalSignature, keyEncipherment
- Open a command prompt and enter the following command:
openssl req -newkey rsa:2048 -x509 -sha256 -days 730 -keyout example_privatekey.pem -out example.cer -config openssl.cnf -extensions v3_req
- When prompted, enter a private key password and confirm it.
- From the public and private key pair, create a .p12 (PFX) file that you can import into CIC. At a command prompt, enter the following command:
openssl pkcs12 -inkey example_privatekey.pem -in example.cer -export -out example.p12
- When prompted, enter the private key password you created above.
- Import the resulting .p12 file into CIC as your signing and decryption certificate, and provide the .cer file to your trading partner.
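Before importing, you can confirm that the files match what the steps above describe. The script below is an added example, not part of the original article or of CIC: it checks the certificate's key type, signature algorithm, key usage and expiry, and that the private key and the .p12 belong to the certificate. The function names, the 30-day expiry threshold and the KEY_PASS / P12_PASS environment variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article). Passwords are read from
# the KEY_PASS (private key) and P12_PASS (.p12 export password) environment
# variables, names assumed here, so they never appear in the process list.

has()  { case "$1" in *"$2"*) return 0 ;; *) return 1 ;; esac; }
fail() { echo "FAIL: $1" >&2; return 1; }

# check_cert CERT KEY: the certificate has the parameters used in the
# article and belongs to the given private key.
check_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || fail "cannot parse $1" || return 1
    has "$text" 'Public Key Algorithm: rsaEncryption' || fail "key is not RSA" || return 1
    has "$text" 'Public-Key: (2048 bit)' || fail "key is not 2048 bits" || return 1
    has "$text" 'Signature Algorithm: sha256WithRSAEncryption' ||
        fail "signature is not SHA-256 with RSA" || return 1
    has "$text" 'Digital Signature, Key Encipherment' ||
        fail "keyUsage differs from [v3_req]" || return 1
    # Reject certificates that expire within 30 days (threshold assumed).
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null ||
        fail "certificate expires within 30 days" || return 1
    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout) ||
        fail "cannot read $2 (wrong KEY_PASS?)" || return 1
    [ "$cert_pub" = "$key_pub" ] || fail "private key does not match certificate" || return 1
}

# check_p12 P12 CERT: the .p12 opens with P12_PASS and carries the same certificate.
check_p12() {
    want=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 1
    got=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$got" ] && [ "$want" = "$got" ] || fail "$1 does not contain $2" || return 1
}

# With KEY_PASS and P12_PASS exported, run as:
#   sh check.sh example.cer example_privatekey.pem example.p12
if [ "$#" -eq 3 ]; then
    check_cert "$1" "$2" && check_p12 "$3" "$1" && echo "OK"
fi
```

A non-zero exit status with a FAIL line on stderr means the file should not be imported or handed to a trading partner until the cause is understood.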