Nasser Heidari


Building a certificate authority

Filed under: Linux — Nasser Heidari @ 22:34
mkdir -p /etc/ssl/CA
cd /etc/ssl/CA
mkdir certs crl newcerts private
echo "01" > serial
cp /dev/null index.txt
cp /usr/local/openssl/openssl.cnf.sample openssl.cnf

openssl req -new -x509 -keyout private/cakey.pem -out \
cacert.pem -days 365 -config openssl.cnf

To make a new certificate:

openssl req -nodes -new -x509 -keyout newreq.pem \
-out newreq.pem -days 365 -config openssl.cnf

(The certificate and the private key are both written to newreq.pem; because of -nodes the key is stored unencrypted.)

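To sign the new certificate with the certificate authority (openssl ca takes the locations of the CA certificate, key, serial and index.txt from the CA section of openssl.cnf):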

openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem \
-out tmp.pem

openssl ca -config openssl.cnf -policy policy_anything \
-out newcert.pem -infiles tmp.pem

rm -f tmp.pem

(newcert.pem contains the signed certificate; newreq.pem still contains
the original certificate, which is not signed by the CA, and the private key.)
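
A check worth running on the files from the steps above, as an added example that is not part of the original post: it confirms that newcert.pem verifies against cacert.pem and carries the key stored in newreq.pem. The function names, min.cnf and the throwaway CA built by make_demo_ca are assumptions for illustration; the demo signs with openssl x509 -req rather than openssl ca so that it needs no CA section in openssl.cnf.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# check_signed CA_CERT SIGNED_CERT KEY_FILE
# Succeeds only if SIGNED_CERT verifies against CA_CERT and carries the
# public key that belongs to the private key stored in KEY_FILE.
check_signed() {
    ca_cert=$1; cert=$2; key_file=$3
    # 1. Chain check: the certificate must have been issued by this CA.
    if ! openssl verify -CAfile "$ca_cert" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert was not signed by $ca_cert" >&2
        return 1
    fi
    # 2. Key check: the public key in the certificate must equal the one
    #    derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match the key in $key_file" >&2
        return 1
    fi
    echo "OK: $cert is signed by $ca_cert and matches $key_file"
}

# make_demo_ca DIR: constructed throwaway data (1-day validity) using the
# post's file names. Signing uses "openssl x509 -req" instead of
# "openssl ca", so the demo needs no CA section in openssl.cnf.
make_demo_ca() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' >"$d/min.cnf"
    openssl req -new -x509 -nodes -newkey rsa:2048 -config "$d/min.cnf" \
        -subj "/CN=Demo CA" -keyout "$d/cakey.pem" -out "$d/cacert.pem" \
        -days 1 2>/dev/null || return 1
    openssl req -new -x509 -nodes -newkey rsa:2048 -config "$d/min.cnf" \
        -subj "/CN=demo.example" -keyout "$d/leaf.key" -out "$d/leaf.crt" \
        -days 1 2>/dev/null || return 1
    cat "$d/leaf.key" "$d/leaf.crt" >"$d/newreq.pem"   # key + self-signed cert
    openssl req -new -key "$d/leaf.key" -config "$d/min.cnf" \
        -subj "/CN=demo.example" -out "$d/tmp.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/tmp.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -set_serial 2 -days 1 \
        -out "$d/newcert.pem" 2>/dev/null || return 1
}
```

With the post's files in the current directory, the call is check_signed cacert.pem newcert.pem newreq.pem.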

For more information, please refer here.
