Free Preparation Discussions
MENU
HP Exam HPE7-A02 Topic 15 Question 19 Discussion
Topic #: 15
You are using OpenSSL to obtain a certificate signed by a Certification Authority (CA). You have entered this command:
openssl req -new -out file1.pem -newkey rsa:3072 -keyout file2.pem
Enter PEM pass phrase: **********
Verifying - Enter PEM pass phrase: **********
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Sunnyvale
Organization Name (eg, company) [Internet Widgits Pty Ltd]:example.com
Organizational Unit Name (eg, section) []:Infrastructure
Common Name (e.g. server FQDN or YOUR name) []:radius.example.com
What is one guideline for continuing to obtain a certificate?
When using OpenSSL to obtain a certificate signed by a Certification Authority (CA), you should submit the Certificate Signing Request (CSR) file, which is file1.pem, to the CA. The CSR contains the information about the entity requesting the certificate and the public key, but not the private key, which is in file2.pem. The CA uses the information in the CSR to create and sign the certificate.
1. CSR Submission: The CSR (file1.pem) includes the public key and the entity information required by the CA to issue a certificate.
2. Private Key Security: The private key (file2.pem) should never be sent to the CA or shared; it remains securely stored on the requestor's server.
3. Certificate Issuance: After the CA signs the CSR, the resulting certificate can be used with the private key to establish secure communications.
Emilio
4 hours ago