khokha
Flight Engineer
Flight Engineer
  • 417 Views

Hello,

In ch04s02 when generating the signed certificate it used CAkey not the private key we generated in previous step 4.2, why?

when should i use the CAkey and the generated private key for the certificate?

If used the private key for the signed certificate would this be correct and which argument(parameter) should i use for defining it?

Thanks

1 Solution

Accepted Solutions
tnishiok
Flight Engineer
Flight Engineer
  • 388 Views

Hi @khokha,

I think this is because the section guides the steps to establish a trusted secure communication. For that purpuse it uses given CAKey to generate a certificate. 

For your personal testing purpose it's still possible to generate a self-signed certificate using your server's private key like below. 

$ openssl x509 -req -in training.csr -signkey training.key -out training.crt

However it's also better to keep in mind that the EX280 objectives stated as below. 

  • Secure external and internal traffic using TLS certificates

I won't discuss the actual exam tasks but I don't believe using a self-signed certificate is considered as secure enough.

Regards,
Toshi

View solution in original post

2 Replies
tnishiok
Flight Engineer
Flight Engineer
  • 389 Views

Hi @khokha,

I think this is because the section guides the steps to establish a trusted secure communication. For that purpuse it uses given CAKey to generate a certificate. 

For your personal testing purpose it's still possible to generate a self-signed certificate using your server's private key like below. 

$ openssl x509 -req -in training.csr -signkey training.key -out training.crt

However it's also better to keep in mind that the EX280 objectives stated as below. 

  • Secure external and internal traffic using TLS certificates

I won't discuss the actual exam tasks but I don't believe using a self-signed certificate is considered as secure enough.

Regards,
Toshi

khokha
Flight Engineer
Flight Engineer
  • 357 Views

Hi @tnishiok 

This exactly what i was asking about, i searched student guide but didn't find the command you provided for the self-signed certificate.

May i ask how could i get this command from --help or i've to use documentation during the exam in case CA keys weren't provided?

Thanks for your much appreciated help.

0 Kudos
Join the discussion
You must log in to join this conversation.