Creating a DH Parameter (Key) File and a DSA Certificate and Key

In order to establish an SSL connection with the DH (key exchange) and DSA (DSS, signing) algorithms, a DH parameter file and DSA certificates and keys are required in your SSL application. The Certificate Tool (described in Chapter 3) does not provide this functionality. However, the OpenSSL command-line utility allows you to create the required files.

The following lines demonstrate how to create the DH and DSA related files.

## Create a DH parameter (key size is 1024 bits)
   $ openssl dHParam -outform PEM -out dHParam.pem 1024
 
## Create a DSA certificate
 
- Create DSA parameters (key size is 1024 bits)
  $ openssl dsaparam -out dsaparam.pem 1024
 
- Create a DSA CA certificate and private key(using DSA parameter in dsaparam.pem)

 $ openssl req -x509 -newkey dsa:dsaparam.pem 
-keyout dsa_ca.key -out dsa_ca.crt -config SSL$CONF
 
- Create DSA certificate signing request(dsa_cert.csr)& private key(dsa_cert.key)
 
  $ openssl req -out dsa_cert.csr -keyout dsa_cert.key 
-newkey dsa:DSAPARAM.PEM -config SSL$CONF
 
- Sign Certificate Signing Request with DSA CA Certificate and Create a New Certificate
 
 $ openssl ca -in dsa_cert.csr -out dsa_cert.crt 
 
-config SSL$CA_CONF

HP OpenVMS Systems Documentation

Creating a DH Parameter (Key) File and a DSA Certificate and Key

ť Table of Contents

ť Index

		** About PDF files: The PDF files on this Web site can be read online or printed using Adobe® Acrobat® Reader. If you do not have this software installed on your system, you may download it from the Adobe Web site.