HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Chapter 6 OpenSSL Command Line Interface

Creating a DH Parameter (Key) File and a DSA Certificate and Key

In order to establish an SSL connection with the DH (key exchange) and DSA (DSS, signing) algorithms, a DH parameter file and DSA certificates and keys are required in your SSL application. The Certificate Tool (described in Chapter 3) does not provide this functionality. However, the OpenSSL command-line utility allows you to create the required files.

The following lines demonstrate how to create the DH- and DSA-related files.

## Create a DH parameter (key size is 1024 bits)
$ openssl dhparam -outform PEM -out dHParam.pem 1024

## Create a DSA certificate

- Create DSA parameters (key size is 1024 bits)
$ openssl dsaparam -out dsaparam.pem 1024

- Create a DSA CA certificate and private key (using the DSA parameters in dsaparam.pem)
$ openssl req -x509 -newkey dsa:dsaparam.pem -keyout dsa_ca.key -out dsa_ca.crt -config SSL$CONF

- Create a DSA certificate signing request (dsa_cert.csr) and private key (dsa_cert.key)
$ openssl req -out dsa_cert.csr -keyout dsa_cert.key -newkey dsa:dsaparam.pem -config SSL$CONF

- Sign the certificate signing request with the DSA CA certificate and create a new certificate
$ openssl ca -in dsa_cert.csr -out dsa_cert.crt -config SSL$CA_CONF
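
The files produced by the steps above can be checked before they are deployed. The following DCL procedure is an added example, not part of the original HP documentation; it assumes the file names used on this page, the current default directory, and the same `openssl` command symbol. The procedure name VERIFY_DSA.COM is hypothetical.

```dcl
$! VERIFY_DSA.COM (hypothetical name) - added example, not from the HP manual.
$! Inspects the DH/DSA files created by the commands on this page.
$!
$! 1. DH parameters: -check validates the prime and generator,
$!    -text prints the parameter size and values, -noout suppresses the PEM.
$ openssl dhparam -in dHParam.pem -check -text -noout
$!
$! 2. DSA parameters: print p, q and g so the parameter size can be confirmed.
$ openssl dsaparam -in dsaparam.pem -text -noout
$!
$! 3. CA certificate: for a self-signed CA, subject and issuer must match.
$ openssl x509 -in dsa_ca.crt -noout -subject -issuer -dates
$!
$! 4. Issued certificate: the issuer must be the subject of dsa_ca.crt.
$ openssl x509 -in dsa_cert.crt -noout -subject -issuer -dates
$!
$! 5. Chain check: expect the output "dsa_cert.crt: OK".
$!    The option is quoted because, by default, an unquoted argument
$!    reaches the program in lowercase (-cafile), which OpenSSL rejects.
$ openssl verify "-CAfile" dsa_ca.crt dsa_cert.crt
$!
$ EXIT
```

The `-text` output in steps 1 and 2 reports the parameter size, which is worth recording: 1024-bit DH and DSA parameters are below the 2048-bit minimum in current NIST guidance (SP 800-131A).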