Closed Bug 1260650 Opened 9 years ago Closed 5 years ago

OpenSSL commands in certificate primer page are incorect.

Categories

(Developer Documentation Graveyard :: Security, defect, P5)

Product:
Developer Documentation Graveyard
Component:
Security
Platform:
All
Other
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: v_badev, Unassigned)

References

(
URL
)

Details

:: Developer Documentation Request Request Type: Correction Gecko Version: unspecified Technical Contact: :: Details Many of the openssl commands in page "A Web PKI x509 certificate primer" are incorrect and need small fixes. Correct commands are given below: Generate your CA Root 2. "openssl req -new -key rootkey.pem -days 5480 -extensions v3_ca -batch -out root.csr -utf8 -subj '/C=US/O=Orgname/OU=SomeInternalName'" Generate your Intermediate cert 1. "openssl genpkey -algorithm RSA -out intkey.pem -pkeyopt rsa_keygen_bits:3072" 2. "openssl req -new -key intkey.pem -days 2922 -extensions v3_ca -batch -out int.csr -utf8 -subj '/C=US/O=Orgname/OU=SomeInternalName2'" Generate the end entity certificate 1. "openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048" 2. "openssl req -new -key key.pem -days 1096 -extensions v3_ca -batch -out example.csr -utf8 -subj '/CN=www.example.com'" Also at least end entity certificate template is not correct according to https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix. Line "basicConstraints = CA:FALSE" must be removed from template according to point 2 - "Default values in a SEQUENCE must not be explicitly encoded".
MDN Web Docs' bug reporting has now moved to GitHub. From now on, please file content bugs at https://github.com/mdn/sprints/issues/ and platform bugs at https://github.com/mdn/kuma/issues/.
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.