OpenSSL Creating a Private Certificate Authority: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
__FORCETOC__ | |||
{{TOC right}} | {{TOC right}} | ||
== Red Hat Enterprise Linux/CentOS == | == Red Hat Enterprise Linux/CentOS == | ||
#Move to the Certificate Authority directory. | #Move to the Certificate Authority directory. |
Revision as of 17:22, 12 January 2016
Red Hat Enterprise Linux/CentOS
- Move to the Certificate Authority directory.
- # cd /etc/pki/CA
- # mkdir csrs
- Create the index.txt and serial files needed for the Certificate Authority.
- # touch /etc/pki/CA/index.txt
- # touch /etc/pki/CA/serial
- # echo 01 > serial
- Copy the existing openssl.cnf to the Certificate Authority directory.
- # cp /etc/pki/tls/openssl.cnf /etc/pki/CA/.
- Generate the CA Private Key and CA Certificate:
- # cd /etc/pki/CA/
- # openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 36525
- To sign a CSR.
- Upload the <certificate signing request>.csr to /etc/pki/CA/csrs/.
- # cd /etc/pki/CA
- # openssl ca -config openssl.cnf -policy policy_anything -out certs/<certificate>.crt -infiles csrs/<certificate signing request>.csr