NA2010 ATNA


Introduction

The purpose of this page is for ATNA developers to share information on the ATNA profile for NA 2010. Specifically, we believe that participants will benefit from others sharing their experience on how to manage the signed certificates.

I had to modify the wiki policy so that only I can add accounts. If you do not have an existing account and want to make a contribution, send me (Steve Moore) a note.

NA 2010 Only

This page is meant for NA 2010 participants only. When we have good material here, we will move it to a more general implementation page. That should probably live on wiki.ihe.net and not on this wiki.

General Implementation

  • Why does the CN field contain ADT_MIR.ihe.net and not mir-adt.wustl.edu?
    • I do not have host names for all of your systems, and I believe you can make this work.
  • What do I do with the CN field when I receive someone else's certificate? Do I make sure it matches something, or do I just accept the certificate because it is signed?

Java Implementation

  • How do I install my certificate so I can make or receive a connection?
    • <bill> I posted a script for generating a Java keystore from the PEM certificates Steve posted on Kudu. It can be found here. Filename is keystore.sh. The documentation in the file is enough, I hope. Note that it needs the Java 6 version of the utility keytool. </bill>
  • How do I install the CA certificate so I can validate someone else's certificate?

Windows Implementation

  • How do I install my certificate so I can make or receive a connection?
    • Use this openssl command to bundle your certificate and its private key into a .pfx (PKCS#12) file: (if you're copy/pasting, leave out the line breaks)
openssl pkcs12 -export
 -out privateCertificate.pfx 
 -inkey {your request file} 
 -in {your cert file}
 -certfile {the demo CA cert}
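    • When openssl asks for the pass phrase of the -inkey file, enter the password (it's in Kudu under Configuration --> Certificates...)
    • When openssl asks for an export password, choose a password; it protects the new .pfx file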
    • Right-click the newly created privateCertificate.pfx and select "install"
    • Enter the password you chose when prompted
    • Allow Windows to automatically select where to store the keys
    • When creating a request, use the Current User certificate store and search by the CN field of the certificate - which looks like this:
{system name}.ihe.net
  • How do I install the CA certificate so I can validate someone else's certificate?
    • Start the certificate manager by going to Start --> Run... then run this command:
certmgr.msc
    • Right-click on "Trusted Root Certification Authorities" in the left pane, select All Tasks --> Import...
    • Browse to the directory containing the cacert.pem file (under the demoCA directory), and set the "Files of type" dropdown to "All Files"
    • Select the file, and accept the default options for the rest of the process
    • This will install the CA certificate for the current user only. To install for all users, see this tool, or use mmc
    • Vista users, see this also
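
The following is an added example, not part of the original page or of any script posted on Kudu: a POSIX shell wrapper around the openssl pkcs12 -export step above that first checks that the certificate chains to the CA and that the private key actually belongs to the certificate, then prints the subject so the CN used for the store lookup can be confirmed. The function names, the KEY_PASS and PFX_PASS environment variables, and the EXAMPLE_SYSTEM.ihe.net certificate are assumptions, and the CA and keys are constructed on the fly so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original page). Pre-flight checks around
# "openssl pkcs12 -export". Assumed names: KEY_PASS / PFX_PASS env vars,
# preflight_pfx and make_demo functions, EXAMPLE_SYSTEM.ihe.net.

# preflight_pfx KEY CERT CACERT OUT_PFX
# Returns 0 and prints the subject on success; 2 = cert not signed by the
# CA, 3 = key does not match cert (or wrong pass phrase), 4 = export failed.
preflight_pfx() {
    key=$1; cert=$2; ca=$3; out=$4
    # 1. The certificate must chain to the CA you are about to bundle.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2
    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 3
    # 3. Build the bundle; passwords come from the environment, not argv.
    openssl pkcs12 -export -out "$out" -inkey "$key" -in "$cert" \
        -certfile "$ca" -passin env:KEY_PASS -passout env:PFX_PASS \
        2>/dev/null || return 4
    # 4. Show the subject so the CN used for store lookups can be confirmed.
    openssl x509 -in "$cert" -noout -subject
}

# Constructed sample data: throwaway CA, one signed system certificate
# with an encrypted key, and one unrelated key for the negative case.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -passout env:KEY_PASS -subj "/CN=EXAMPLE_SYSTEM.ihe.net" \
        -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 2 -out "$d/cert.pem" 2>/dev/null &&
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null
}

KEY_PASS=constructed-key-pass; PFX_PASS=constructed-pfx-pass
export KEY_PASS PFX_PASS
demo=$(mktemp -d) && make_demo "$demo"
if preflight_pfx "$demo/key.pem" "$demo/cert.pem" "$demo/cacert.pem" "$demo/ok.pfx"
then echo "bundle written: $demo/ok.pfx"; fi
preflight_pfx "$demo/other.pem" "$demo/cert.pem" "$demo/cacert.pem" "$demo/bad.pfx" ||
    echo "mismatched key rejected (exit $?)"
```

OpenSSL 3.x writes the bundle with newer encryption defaults than earlier releases; if an older Windows release rejects the import, rebuilding the .pfx with the -legacy option is the usual fix.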

OpenSSL/C++ Implementation

  • How do I install my certificate so I can make or receive a connection?
  • How do I install the CA certificate so I can validate someone else's certificate?

Baseball Trivia

  • Who had a bigger effect on the game: Babe Ruth or Scott Boras?