rtwingfield
September 1st, 2011, 19:51
There are two essential commands to execute, openssl (twice) and cat. (The other operations in the following list are more or less optional, but advisable for security considerations.)
# cd /usr/local/etc/jabberd/.ssh . . .or your path of choice
# openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
# openssl rsa -in privkey.pem -out privkey.pem . . .to remove the passphrase
# cat privkey.pem >> server.pem . . .combine both the private key and the public certificate into a common file, server.pem
# rm privkey.pem
# chown root:jabber server.pem
# chmod 640 server.pem
The first instance of the openssl req -new command construct generates the private/public key pair which will be combined into a common file (arbitrarily named server.pem in this example . . .just be consistent in your jabberd component *.xml configuration files), once the passphrase is removed.
For your information, the dialogue of the openssl req -new construct is as follows:
Generating a 1024 bit RSA private key
...........................++++++
......++++++
writing new private key to 'privkey.pem' . . .private key file is generated without admin. intervention, but is empty at this point.
Enter (private key) PEM pass phrase: "whatever" . . .it will be removed anyway.
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Arkansas
Locality Name (eg, city) []:Little Rock
Organization Name (eg, company) :FooBar Network Services
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:foobar.net
Email Address []:John.Smith@foobar.net
The resulting combined file (server.pem) containing the public certificate and the RSA private key stripped of the passphrase:
-----BEGIN CERTIFICATE-----
MIID4zCCA0ygAwIBAgIJAKv4v1LLW1Y5MA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD
. . .nineteen additional lines
mtF5HGy99+Su6/+63ybyHZee6sXB4Bdqv2kh6ATAB1RDu2nVxu1I
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCr1DLAmxpHUZ2vmHGtUIzmLCdlmlS/KsJETXeikNqoJgJgVuZQ
. . .eleven additional lines
AWIM4MJTj270Idvf2ZNROvnTFfDaZVsmPAQcTeZiYhE=
-----END RSA PRIVATE KEY-----
Before the passphrase was removed, the RSA private key (privkey.pem) looked like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,42E29F1D1FA0E01B
+GyJe923X/+N/9v6WMS7h1qhZ3rk/dCqutWvOtv0btwbLxd1LyBuoIGau4A0RPMQ
. . .eleven additional lines
PkV0tI36tBnSt689v4IfX9DLm2YQAZd1GS2MvrGOqsIib79kGLu/cw==
-----END RSA PRIVATE KEY-----
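Added example, not part of the original post: a shell audit of the combined server.pem that the steps above produce. It checks that both PEM blocks are present, that the key no longer carries the passphrase header, that the file mode gives nothing to other users, and (with the openssl CLI) that the key belongs to the certificate and how many bits it has. The function names and finding labels are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and finding
# labels are this example's own.

# Structural checks that need only grep and ls.
# Prints "ok" or a space-separated list of findings.
audit_pem_bundle() {
    f=$1
    findings=""
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
        findings="$findings no-certificate"
    grep -Eq -- '-----BEGIN ((RSA|ENCRYPTED) )?PRIVATE KEY-----' "$f" ||
        findings="$findings no-private-key"
    # A passphrase-protected key carries one of these markers
    # (compare the "before" dump of privkey.pem).
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$f"; then
        findings="$findings key-encrypted"
    fi
    # Characters 8-10 of the ls mode string are the "other" bits;
    # chmod 640 leaves them as "---".
    other=$(ls -ld "$f" | cut -c8-10)
    [ "$other" = "---" ] || findings="$findings world-accessible"
    if [ -n "$findings" ]; then echo "${findings# }"; else echo ok; fi
}

# Needs the openssl CLI. The certificate's public key must equal the public
# half of the private key, otherwise the two blocks do not belong together.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Key size in bits as recorded in the certificate (the post requests rsa:1024;
# current guidance for RSA is 2048 bits or more).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public.Key: (\([0-9]*\) bit).*/\1/p'
}

# Usage: sh audit.sh /usr/local/etc/jabberd/.ssh/server.pem
if [ -n "${1:-}" ]; then
    audit_pem_bundle "$1"
    key_matches_cert "$1" && echo "key matches certificate"
    echo "key bits: $(cert_key_bits "$1")"
fi
```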