Verifying Requester's Email Address

This section provides a tutorial example on how to generate a CSR (Certificate Signing Request) using the JDK 'keytool' command.

Now it's my turn to verify Amy's identity and issue her a personal certificate.

Step 3 - Herong, as the CA administrator, reviews Amy's CSR file and verifies her identity.

To review Amy's CSR, I need to use a different tool called OpenSSL. JDK 'keytool' command is not good enough. Read my "Cryptography Tutorials - Herong's Tutorial Examples" book on how to install OpenSSL if you need help.

Here is the OpenSSL command I used to view Amy's CSR:

C:\herong>\local\gnuwin32\bin\openssl req -noout -text 
   -in amy_xyz_com.csr

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=Unknown, ST=Unknown, L=Unknown, O=Unknown,
           OU=Unknown, CN=amy@xyz.com
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
            DSA Public Key:
                pub:
                    00:ef:b5:66:2e:45:9c:28:c1:34:fc:ad:f7:e7:b8:
                    ...
        Attributes:
            a0:00
    Signature Algorithm: dsaWithSHA1
        30:2c:02:14:5d:34:8f:30:77:ee:9a:7d:b7:de:8e:e2:67:5a:
        34:b0:04:7c:6d:22:02:14:11:a4:4d:52:ea:61:8a:d3:bf:80:
        6f:28:a6:a2:15:24:c6:1d:6f:06

Since I am planning to issue Amy a Class 1 certificate, I only need to verify her email address, which is the CN attribute of the Subject.

So I send Amy a verification email to amy@xyz.com. If she can reply from that email address, then verification is done.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 10

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

PKI CA Administration - Issuing Certificates

 Root CA and Intermediate CA

 Requesting and Signing Personal Certificate

 Generating a Private-Public Key Pair for Amy

 Generating a CSR (Certificate Signing Request)

Verifying Requester's Email Address

 Exporting a Private Key from a KeyStore File

 Signing a CSR into a Certificate

 Importing Certificate Reply Back to KeyStore

 "bad decrypt:./crypto/evp/evp_enc.c:461" Error

 Requesting and Signing Server Certificate

 Digital Signature - Microsoft Word 2007

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version