CDA SC510 Uživatelská příručka stáhnout pdf (Strana 18)

IST-033576 D2.1.4

4E:7B:C5:84:07:26:B3:2E:51:06:5C:2A:CE:DC:53:11:

FB:20:A1:62

X509v3 Authority Key Identifier:

keyid:4E:7B:C5:84:07:26:B3:2E:51:06:5C:2A:CE:DC:

53:11:FB:20:A1:62

DirName:/C=EU/ST=France/L=Rennes/O=INRIA/OU=IRIS

A/CN=XtreemOS-test-CA/[email protected]

serial:96:87:93:B3:BF:7C:49:49

X509v3 Basic Constraints:

CA:TRUE

Signature Algorithm: sha1WithRSAEncryption

2d:c6:ad:97:1d:22:c0:8e:3c:f1:97:6a:a4:7a:64:34:f4:0e:

...

This CA certiﬁcate is valid for 3 years, until Nov 11 14:24:45 2010.

Public key hash generation: When the SSL library checks the signature of

some certiﬁcate, it must locate the public key of the Certiﬁcate Authority who

signed the certiﬁcate. In order to locate this public key, the SSL library ﬁrst com-

pute a hash of the CA DN stored in the user certiﬁcate and uses this hash code

to browse the CA public key directory. The default CA public key directory in

XtreemOS is /etc/xos/certificates/. The CA public key hash can be

installed in the following way:

root: openssl x509 -in ~ca/security/XtreemOS-ca.crt

-noout -hash

076bb57f

root: cp ~ca/security/XtreemOS-ca.crt

/etc/xos/certificates/076bb57f.0

root:

Note the .0 sufﬁx which must be added to the hash. A different sufﬁx can be

used if a different certiﬁcate with the same hash is present.

The CA public key directory must contain ﬁles corresponding to the hash of

all DN of the CA chain containing the corresponding CA public keys:

root: ls -al /etc/xos/certificates

....

-rw-r--r-- 1 root root 1302 2007-11-12 15:34 076bb57f.0

....

root:

In this example, ﬁle 076bb57f.0 contains the XtreemOS-test-CA public

key.

XtreemOS–Integrated Project 16/49

1 2 ... 13 14 15 16 17 18 19 20 21 22 23 ... 50 51

Žádné komentáře

CDA SC510 Uživatelská příručka Strana 18