cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
khokha
Flight Engineer
Flight Engineer
‎10-22-2023 01:37 PM
  • 915 Views

DO280

Jump to solution

Hello,

In ch04s02 when generating the signed certificate it used CAkey not the private key we generated in previous step 4.2, why?

when should i use the CAkey and the generated private key for the certificate?

If used the private key for the signed certificate would this be correct and which argument(parameter) should i use for defining it?

Thanks

Join the discussion
1 Solution

Accepted Solutions
tnishiok
Flight Engineer
Flight Engineer
‎10-24-2023 06:04 AM
  • 886 Views

Jump to solution

Hi @khokha,

I think this is because the section guides the steps to establish a trusted secure communication. For that purpuse it uses given CAKey to generate a certificate. 

For your personal testing purpose it's still possible to generate a self-signed certificate using your server's private key like below. 

$ openssl x509 -req -in training.csr -signkey training.key -out training.crt

However it's also better to keep in mind that the EX280 objectives stated as below. 

  • Secure external and internal traffic using TLS certificates

I won't discuss the actual exam tasks but I don't believe using a self-signed certificate is considered as secure enough.

Regards,
Toshi

View solution in original post

2 Replies
tnishiok
Flight Engineer
Flight Engineer
‎10-24-2023 06:04 AM
  • 887 Views

Jump to solution

Hi @khokha,

I think this is because the section guides the steps to establish a trusted secure communication. For that purpuse it uses given CAKey to generate a certificate. 

For your personal testing purpose it's still possible to generate a self-signed certificate using your server's private key like below. 

$ openssl x509 -req -in training.csr -signkey training.key -out training.crt

However it's also better to keep in mind that the EX280 objectives stated as below. 

  • Secure external and internal traffic using TLS certificates

I won't discuss the actual exam tasks but I don't believe using a self-signed certificate is considered as secure enough.

Regards,
Toshi

khokha
Flight Engineer
Flight Engineer
‎10-24-2023 08:37 PM
  • 855 Views

Jump to solution

Hi @tnishiok 

This exactly what i was asking about, i searched student guide but didn't find the command you provided for the self-signed certificate.

May i ask how could i get this command from --help or i've to use documentation during the exam in case CA keys weren't provided?

Thanks for your much appreciated help.

0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2024 Red Hat, Inc. Privacy policy Terms of use