OpenSSL Creating a Private Certificate Authority

From UNIX Systems Administration
Revision as of 17:22, 12 January 2016 by Michael Kohler (talk | contribs)

Red Hat Enterprise Linux/CentOS

  1. Move to the Certificate Authority directory.
    1. # cd /etc/pki/CA
    2. # mkdir csrs
  2. Create the index.txt and serial files needed for the Certificate Authority.
    1. # touch /etc/pki/CA/index.txt
    2. # touch /etc/pki/CA/serial
    3. # echo 01 > serial
  3. Copy the existing openssl.cnf to the Certificate Authority directory.
    1. # cp /etc/pki/tls/openssl.cnf /etc/pki/CA/.
  4. Generate the CA Private Key and CA Certificate:
    1. # cd /etc/pki/CA/
    2. # openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 36525
  5. Sign a CSR:
    1. Upload the <certificate signing request>.csr to /etc/pki/CA/csrs/.
    2. # cd /etc/pki/CA
    3. # openssl ca -config openssl.cnf -policy policy_anything -out certs/<certificate>.crt -infiles csrs/<certificate signing request>.csr
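
The procedure above, run end to end in a scratch directory instead of /etc/pki/CA (an added example, not part of the original page). It assumes a constructed, trimmed stand-in for the stock openssl.cnf and a constructed CSR for host.example.test; -nodes, -subj and -batch are added so nothing prompts, and the CSR review before signing and the final verify are additions as well.

```shell
# Added example: steps 1-5 above in a scratch directory, non-interactive.
# openssl.cnf below is a constructed, trimmed stand-in for /etc/pki/tls/openssl.cnf.
demo_private_ca() (
  set -e
  cd "$1"
  umask 077                       # new key files are readable by their owner only
  mkdir -p private certs newcerts csrs
  touch index.txt
  echo 01 > serial
  cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
[ policy_anything ]
countryName = optional
organizationName = optional
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ v3_ca ]
basicConstraints = critical,CA:true
EOF
  # Step 4; -nodes and -subj are added here so the command does not prompt.
  openssl req -config openssl.cnf -new -x509 -extensions v3_ca -nodes \
    -subj "/CN=Example Private CA" -keyout private/cakey.pem \
    -out cacert.pem -days 36525
  # Constructed CSR standing in for the uploaded request.
  openssl req -config openssl.cnf -new -nodes -subj "/CN=host.example.test" \
    -keyout private/host.key -out csrs/host.csr
  # Added check: policy_anything only requires a commonName, so read the subject first.
  openssl req -in csrs/host.csr -noout -verify -subject
  # Step 5; -batch is added to skip the confirmation prompts.
  openssl ca -config openssl.cnf -policy policy_anything -batch -notext \
    -out certs/host.crt -infiles csrs/host.csr
  # Added check: the issued certificate chains to the new CA.
  openssl verify -CAfile cacert.pem certs/host.crt
)
CA_DEMO_DIR=$(mktemp -d)
demo_private_ca "$CA_DEMO_DIR"
```

On a real CA, leave out -nodes in step 4 so that cakey.pem is written passphrase-protected, as the original command does.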

Debian/Ubuntu