Help with issuing self signed certificates



Hey guys,
I am trying to understand something about self-signed certificates.
I generate an RSA key using OpenSSL.
Then I sign the key using the command:
openssl req -new -x509 -nodes -sha -days 365 -key key.pem -out keyca.pem

My questions, please:
1. Does the new keyca.pem replace the original key.pem file in my TLS
server configuration, or do I need to configure both?
2. How do I make the clients trust my CA? I understand I need to
install the CA's public key for that. How do I create / find it from
OpenSSL?

This is a test setup, and I have full control over the server AND client
configurations.

I may have some bad assumptions about TLS. Please correct me if that's
true.

Thanks,
Asi.