This is a little description of how to deal with the 
Peppercon CA institution:
1. eric certificates for both, the eric webs ssl implementation 
   used for the webs and the rfb as well as the certificate 
   used to signed the eric-applet and extensions.
2. PEMX license key and certificate to protect PEMX license files
Author: Thomas Breitfeld, Peppercon AG
------------------------------------------------------------------

The following certificates are currently used in eric & PEMX:

== Peppercon Root CA certificate 
 | public key: certificates/demaCA/cacert.pem
 | private key: certificates/demoCA/private/cakey.pem pw:cellcore 
 | (signes the following two)
 |
 +-> SSL server cert
 | public key: certificates/ericcert.pem
 | private key :certificates/erickey.pem pw:cellcore
 |
 +-> Jar signing cert
 | public/private key: eric_applet/cacerts pw:cellcore
 | keystore pw: changeit
 |
 +-> PEMX licence (used to sign and verify licence files)
   public key: norbox_firmware/certificates/emxlcert.pem
   private key:  norbox_firmware/certificates/emxlkey.pem 
 

The following commands should be used in order to regenerate 
the keys or certificats:

= Generate a Root CA certificate:
  openssl req -config ./openssl_peppercon.cnf -x509 -days 1825 -newkey rsa:1024 -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem

= Generate the SSL server cert
  openssl req -config ./openssl_peppercon.cnf -nodes -days 1825 -newkey rsa:1024 -keyout erickey.pem -out req.pem 
  openssl ca -config ./openssl_peppercon.cnf -in req.pem -out newcert.pem -days 1825
  
= Generate the Jar signing cert
  keytool -storepass changeit -keystore ../eric_applet/keystore -genkey -alias pepperjar -keyalg RSA
  keytool -storepass changeit -keystore ../eric_applet/keystore -certreq -alias pepperjar -file preq.crt 
  openssl ca -config ./openssl_peppercon.cnf -in preq.crt -out newcert.crt -days 1825
  keytool -storepass changeit -keystore ../eric_applet/keystore -import -trustcacerts -file demoCA/cacert.pem
  keytool -storepass changeit -keystore ../eric_applet/keystore -import -file newcert.crt -alias pepperjar

= Generate the PEMX licence key/cert
  (PEMX key and cert files are checked into the norbox_firmware repo)
  openssl req -config ./openssl_peppercon.cnf -nodes -days 1825 -newkey rsa:512  -keyout emxlkey.pem -out req.pem
  openssl ca -config ./openssl_peppercon.cnf -in req.pem -out emxlcert.pem -days 1825
