$ openssl verify /etc/ipsec.d/certs/ubonzoCert.pem /etc/ipsec.d/certs/ubonzoCert.pem: /C=es error 18 at 0 depth lookup:self signed certificate OK $ openssl x509 -in /etc/ipsec.d/certs/ubonzoCert.pem -noout -subject subject= /C=es Poquita cosa de certificado parece. Bien, parece que navegando por los manuales, he conseguido crear uno nuevo: $ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem Me pide una contraseña para la clave en key.pem, y la información para la solicitud del certificado. La solicitud queda almacenada en req.pem. Ahora autofirmaré mi certificado con la clave recién creada: $ openssl x509 -req -in req.pem -signkey key.pem -out cert.pem Signature ok subject=/C=ES/ST=Madrid/O=Debian/CN=Ismael Valladolid Torres/emailAddress=ivalladt@gmail.com Getting Private key Enter pass phrase for key.pem: Entro la misma contraseña anterior, ahora el certificado autofirmado queda en cert.pem. $ openssl verify cert.pem cert.pem: /C=ES/ST=Madrid/O=Debian/CN=Ismael Valladolid Torres/emailAddress=ivalladt@gmail.com error 18 at 0 depth lookup:self signed certificate OK Mucho mejor. $ openssl x509 -in cert.pem -noout -text Certificate: Data: Version: 1 (0x0) Serial Number: e6:45:38:89:ef:52:12:4f Signature Algorithm: md5WithRSAEncryption Issuer: C=ES, ST=Madrid, O=Debian, CN=Ismael Valladolid Torres/emailAddress=ivalladt@gmail.com Validity Not Before: Apr 12 17:53:19 2005 GMT Not After : May 12 17:53:19 2005 GMT Subject: C=ES, ST=Madrid, O=Debian, CN=Ismael Valladolid Torres/emailAddress=ivalladt@gmail.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c8:d2:82:79:48:e1:b6:a5:6a:2f:0b:7a:bb:ec: 97:cc:49:2d:64:7d:f1:d2:71:b4:9e:25:9b:09:bf: 51:93:36:42:b7:6b:ed:34:63:45:8f:9d:59:17:50: 49:ec:e3:2a:49:6e:dd:fc:98:3f:fe:0e:d3:15:01: 03:a3:ea:1c:e9:64:9a:28:8e:4b:3e:46:d3:39:29: 20:a3:09:31:23:0d:34:22:b3:37:1e:e7:f8:a8:a8: 1f:46:cb:1c:b0:64:b0:4c:39:49:4e:25:4b:74:49: 6b:46:35:1a:cd:43:42:aa:d7:3f:96:4c:d4:1c:27: 4f:5a:67:c0:2b:8e:9b:85:61 Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 40:40:1b:39:2a:80:a2:fa:a6:06:56:82:65:4e:8f:21:6f:1b: ea:78:ee:fa:4f:2f:56:13:54:9e:e5:cf:18:ce:7e:e0:89:0f: 70:81:a4:ce:ea:9e:7f:df:1f:aa:cb:ef:b3:9b:a1:a2:75:05: 3e:19:67:13:8a:42:2e:5e:b8:b2:e6:1f:78:cc:99:dc:9d:66: 05:99:d6:bd:62:a2:04:94:74:c2:05:31:fd:13:4b:36:95:38: 97:b4:56:e9:9d:70:1c:0a:78:1d:37:ed:c3:a5:b3:6f:4b:d8: bd:e1:dd:f8:e9:27:fb:33:6c:75:ef:bb:6c:da:76:21:9a:06: d2:5a Muchísimo mejor, definitivamente tiene otra pinta. Gracias por las sugerencias. Un saludo, Ismael
Attachment:
signature.asc
Description: OpenPGP digital signature