How to create Certificate authority

How to create Certificate authority

You can create a Certificate Authority using OpenSSL. First you have to install OpenSSL. After it is installed, the OpenSSL configuration file should be edited with the information for your site. This will ensure good defaults when you start creating and signing certificates. Do this by going to /usr/local/ssl/openssl.cnf in the section req_distinguised_name.

You can set the defaults here.

How to create a private CA:

-Open the OpenSSL bin directory in /usr/local/ssl/misc by default

-Here, you should find a script called CA.sh

This script will hide all the unpleasant detailed of how this works.

-SU to root (OpenSSL bin Directory should be in your path)

-./CA.sh -newca

* Click Return when there is a prompt for CA

* The rest of the questions should be answered intelligently (Note: the common name is how the Certificate will be referred to)

Creating certificates:

-./CA.sh -newreq

* An unsigned certificate is now created.

* The procedure is similar to creating a private CA but the common name that should be used is the name of the

that will use the certificate. (i.e. host.domain.com)

-./CA/sh -sign

* This will prompt for a PEM pass phrase.

* This will sign the certificate that you created with your CA (the one you created before). Note: multiple certificates

can be generated

-Newcert.pem is now your signed certificate which is located in the current directory.