re-issue a fake certificate for IPReg (IPReg Issuer CA)
-------------------------------------------------------
[http@baghdadic terrence]$ pwd
/home/usr/its/http/.netscape/terrence
[http@baghdadic terrence]$ /servers/web/openssl/bin/openssl x509 -text -in terrence.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1145 (0x479)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=AU, O=The University of Macquarie, CN=IPReg Certificate Issuer/emailAddress=siwc@xxxxxxxxxxxxxx
Validity
Not Before: Apr 26 04:23:48 2004 GMT
Not After : Apr 26 04:23:48 2005 GMT
Subject: C=AU, O=The University of Macquarie, CN=Terrence Miao/UID=terrence
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:ee:2f:9a:2c:11:dc:c2:b5:26:01:5c:de:08:98:
93:7f:5a:9b:39:50:28:82:a0:c5:53:1a:f3:9e:5e:
00:eb:dd:a9:04:05:00:6e:37:e9:a4:c6:c5:68:68:
35:80:96:13:cf:c1:cb:d1:3f:79:58:fd:9b:23:f9:
1c:99:6a:c2:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
0E:FF:41:CA:D9:85:94:0A:A0:B9:7C:9E:D3:28:78:92:A0:ED:F9:AA
X509v3 Authority Key Identifier:
keyid:F7:85:C7:6E:A1:B6:6C:2E:D7:0E:79:51:DF:56:07:18:A1:19:25:74
DirName:/C=AU/O=The University of Macquarie/CN=IPReg Certificate Issuer/emailAddress=siwc@xxxxxxxxxxxxxx
serial:00
Signature Algorithm: md5WithRSAEncryption
6f:4c:52:c2:54:19:d2:e5:5c:ae:3b:a7:d7:0e:8a:89:ca:b8:
c5:9a:ce:d7:09:ee:bd:3e:ef:f7:fe:76:ed:d1:dc:f5:81:0e:
67:a4:f6:51:9a:40:22:d1:b3:37:12:8d:1e:10:a9:a4:ad:0d:
e0:56:5f:1f:df:e8:77:34:f7:1f:1c:2f:5e:b7:e0:57:90:9a:
07:b5:d2:f3:1e:61:c7:b8:ff:14:53:5d:1f:22:ab:b4:8f:95:
e4:ee:22:01:fc:86:a4:65:19:1c:5d:d7:8e:3e:c4:ee:89:50:
c3:aa:d7:c3:93:76:9b:71:d8:05:c2:8e:64:d7:e5:a0:e8:55:
79:99
[http@baghdadic terrence]$ /servers/web/openssl/bin/openssl req -text -in terrence.req.pem
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AU, O=The University of Macquarie/UID=terrence, CN=Terrence Miao
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:ee:2f:9a:2c:11:dc:c2:b5:26:01:5c:de:08:98:
93:7f:5a:9b:39:50:28:82:a0:c5:53:1a:f3:9e:5e:
00:eb:dd:a9:04:05:00:6e:37:e9:a4:c6:c5:68:68:
35:80:96:13:cf:c1:cb:d1:3f:79:58:fd:9b:23:f9:
1c:99:6a:c2:91
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
bf:8d:4e:2f:64:db:95:99:df:bd:32:5c:af:b3:30:b5:1d:e4:
a4:b9:d4:6b:26:16:dd:89:4c:35:cf:a7:56:61:20:f3:59:31:
4f:13:2a:d1:88:ea:87:2a:f8:31:2b:3b:2c:34:6c:75:53:7f:
11:2d:8e:4e:ab:14:17:aa:11:b9
delete (revoke) old certificate in order to issue a new one:
[http@baghdadic terrence]$ /servers/web/openssl/bin/openssl ca -config /servers/web/openssl/openssl.cnf -revoke /servers/web/openssl/newcerts/0479.pem
Using configuration from /servers/web/openssl/openssl.cnf
Revoking Certificate 0479.
Data Base Updated
[http@baghdadic terrence]$ diff /servers/web/openssl/index.txt /servers/web/openssl/index.txt.orig
< R 050426042348Z 050426071500Z 0479 unknown /C=AU/O=The University of Macquarie/CN=Terrence Miao/uid=terrence
---
> V 050426042348Z 0479 unknown /C=AU/O=The University of Macquarie/CN=Terrence Miao/uid=terrence
[http@baghdadic terrence]$ /servers/web/openssl/bin/openssl ca -config /servers/web/openssl/openssl.cnf -in terrence.req.pem -out terrence.new.pem -passin file:../.passwd -batch
Using configuration from /servers/web/openssl/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'AU'
organizationName :PRINTABLE:'The University of Macquarie'
uid :PRINTABLE:'terrence'
commonName :PRINTABLE:'Terrence Miao'
Certificate is to be certified until Apr 24 07:20:18 2015 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
[http@baghdadic terrence]$ /servers/web/openssl/bin/openssl x509 -inform PEM -outform DER -in terrence.new.pem -out terrence.crt
delete old certificate from cert7.db, then add the new one and list it:
[http@baghdadic terrence]$ /servers/netscape/cms42/bin/cert/tools/certutil -D -d . -n "terrence"
[http@baghdadic terrence]$ /servers/netscape/cms42/bin/cert/tools/certutil -A -d . -n "terrence" -t "u,u,u" -i terrence.crt -f ../.passwd
[http@baghdadic terrence]$ /servers/netscape/cms42/bin/cert/tools/certutil -L -d . -n "terrence"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1260 (0x4ec)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: E=siwc@xxxxxxxxxxxxxx, CN=IPReg Certificate Issuer, O=The University of Macquarie, C=AU
Validity:
Not Before: Tue Apr 26 07:20:18 2005
Not After: Fri Apr 24 07:20:18 2015
Subject: UID=terrence, CN=Terrence Miao, O=The University of Macquarie, C=AU
...
A shell script can do all of this for you:
[http@baghdadic scripts]$ cat renew-fake-cert.bash
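#!/bin/bash
# Usage: renew-fake-cert.bash <name>   (e.g. terrence)
# Revoke <name>'s current certificate, re-issue it from the stored request
# and replace the copy in <name>'s cert7.db.
[ -n "$1" ] || { echo "usage: $0 <name>" >&2; exit 1; }
export FAKEHOME=/home/usr/its/http/.netscape
export OPENSSL=/servers/web/openssl/bin/openssl
export OPENSSLCONF=/servers/web/openssl/openssl.cnf
export CERTUTIL=/servers/netscape/cms42/bin/cert/tools/certutil
# show the stored request
"$OPENSSL" req -text -in "$FAKEHOME/$1/$1.req.pem"
# revoke the current certificate, then sign the same request again
"$OPENSSL" ca -config "$OPENSSLCONF" -revoke "$FAKEHOME/$1/$1.pem"
"$OPENSSL" ca -config "$OPENSSLCONF" -in "$FAKEHOME/$1/$1.req.pem" -out "$FAKEHOME/$1/$1.pem" -passin "file:$FAKEHOME/.passwd" -batch
# convert the new certificate to DER for certutil
"$OPENSSL" x509 -inform PEM -outform DER -in "$FAKEHOME/$1/$1.pem" -out "$FAKEHOME/$1/$1.crt"
# replace the certificate in cert7.db and list the result
"$CERTUTIL" -D -d "$FAKEHOME/$1" -n "$1"
"$CERTUTIL" -A -d "$FAKEHOME/$1" -n "$1" -t "u,u,u" -i "$FAKEHOME/$1/$1.crt" -f "$FAKEHOME/.passwd"
"$CERTUTIL" -L -d "$FAKEHOME/$1" -n "$1"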
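
An added check, not part of the original notes: after the revoke and re-issue steps above, the CA's index.txt should hold exactly one valid (V) entry for the user, with the old serial marked R. The function names and the sample index lines (constructed from the serials and dates shown above) are assumptions of this example, and it assumes no RDN value contains a "/".

```shell
# Added example: audit an OpenSSL CA index.txt after a revoke + re-issue.
# Tab-separated fields: status, expiry, revocation date, serial, file, subject.

# serials_for INDEX UID STATUS: print serials of entries with that uid and status.
# RDNs are compared case-insensitively and must match exactly (not as a prefix).
serials_for() {
    awk -F '\t' -v uid="$2" -v st="$3" '
        $1 == st {
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (tolower(rdn[i]) == ("uid=" tolower(uid))) { print $4; break }
        }' "$1"
}

# check_reissue INDEX UID: print the serial and succeed only if exactly one
# entry for UID is still valid; otherwise explain on stderr and fail.
check_reissue() {
    valid=$(serials_for "$1" "$2" V)
    count=$(printf '%s\n' "$valid" | awk 'NF { n++ } END { print n + 0 }')
    case "$count" in
        1) printf '%s\n' "$valid" ;;
        0) echo "uid=$2: no valid certificate in $1" >&2; return 1 ;;
        *) echo "uid=$2: $count valid certificates, old one not revoked?" >&2
           return 2 ;;
    esac
}

# Constructed sample: the revoked 0479 entry plus a new entry built from the
# serial (0x4ec) and expiry date shown for the re-issued certificate.
sample_index() {
    dn='/C=AU/O=The University of Macquarie/CN=Terrence Miao/uid=terrence'
    printf 'R\t050426042348Z\t050426071500Z\t0479\tunknown\t%s\n' "$dn"
    printf 'V\t150424072018Z\t\t04EC\tunknown\t%s\n' "$dn"
}

idx=$(mktemp)
sample_index > "$idx"
check_reissue "$idx" terrence    # the single valid serial
serials_for "$idx" terrence R    # serials already revoked
rm -f "$idx"
```
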