Verifying Requester's Email Address

This section provides a tutorial example on how to generate a CSR (Certificate Signing Request) using the JDK 'keytool' command.

Now it's my turn to verify Amy's identity and issue her a personal certificate.

Step 3 - Herong, as the CA administrator, reviews Amy's CSR file and verifies her identity.

To review Amy's CSR, I need to use a different tool called OpenSSL. JDK 'keytool' command is not good enough. Read my "Cryptography Tutorials - Herong's Tutorial Examples" book on how to install OpenSSL if you need help.

Here is the OpenSSL command I used to view Amy's CSR:

C:\herong>\local\gnuwin32\bin\openssl req -noout -text 
   -in amy_xyz_com.csr

Certificate Request:
        Version: 0 (0x0)
        Subject: C=Unknown, ST=Unknown, L=Unknown, O=Unknown,
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
            DSA Public Key:
    Signature Algorithm: dsaWithSHA1

Since I am planning to issue Amy a Class 1 certificate, I only need to verify her email address, which is the CN attribute of the Subject.

So I send Amy a verification email to If she can reply from that email address, then verification is done.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with Google Chrome

 Using HTTPS with Mozilla Firefox

 HTTPS with IE (Internet Explorer)

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Windows Certificate Stores and Console

 .NET Programs Communicating with HTTPS Servers - Root CA Offering Free Certificates

PKI CA Administration - Issuing Certificates

 Root CA and Intermediate CA

 Requesting and Signing Personal Certificate

 Generating a Private-Public Key Pair for Amy

 Generating a CSR (Certificate Signing Request)

Verifying Requester's Email Address

 Exporting a Private Key from a KeyStore File

 Signing a CSR into a Certificate

 Importing Certificate Reply Back to KeyStore

 "bad decrypt:./crypto/evp/evp_enc.c:461" Error

 Requesting and Signing Server Certificate

 Comodo Free Personal Certificate

 Digital Signature - Microsoft Word

 Digital Signature - 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials


 Full Version in PDF/EPUB