apt-get install openssl
Create Private Certificate Authority
- OpenSSL (version 0.9.8) is installed under /usr/lib/ssl. The CA.sh script is not in the search path, so we add it for the current session only.
- Let's customize the configuration file used for certificate creation (/usr/lib/ssl/openssl.cnf), but first make a backup copy. Make the following changes:
...
[ req ]
default_bits = 2048
...
[ req_distinguished_name ]
countryName_default = UA
stateOrProvinceName_default = LV
0.organizationName_default = XYZ Co
...
- Create a directory for all certificates (it can be any directory; we will create it in the home directory):
mkdir ~/ca && cd ~/ca
- Answer a few questions (hit Enter to create a new CA when prompted for the CA certificate filename):
ldap1:~/ca# CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 2048 bit RSA private key
............+++
........+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase: **************
Verifying - Enter PEM pass phrase: **************
...
Country Name (2 letter code) [UA]:
State or Province Name (full name) [LV]:
Locality Name (eg, city) :Lviv
Organization Name (eg, company) [XYZ Co]:
Organizational Unit Name (eg, section) :
Common Name (eg, YOUR name) :XYZ Root CA
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem: *****
Check that the request matches the signature
Signature ok
Certificate Details:
...
Write out database with 1 new entries
Data Base Updated
- Secure the Certificate Authority:
chmod -R go-rwx ~/ca
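The chmod above only fixes files that exist when it runs; anything the CA writes later gets its mode from the umask. The following check is an added example, not part of the original guide: it lists every path under the CA directory that group or other can still access. The function names audit_ca_perms and make_sample_ca and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list anything under a CA directory that group or other can touch.
# Prints offending paths; returns 0 if the tree is clean, 1 if not, 2 on bad input.
audit_ca_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # POSIX find has no "any of these bits" test, so each group/other bit
    # is checked on its own. Symlinks are skipped: on Linux their own mode
    # is always rwxrwxrwx and says nothing about the target.
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}

# Constructed stand-in for the tree CA.sh -newca leaves behind, with the
# permissions a default umask of 022 would produce. File contents are
# placeholders, not real key material.
make_sample_ca() {
    root=$1
    mkdir -p "$root/demoCA/private" "$root/demoCA/newcerts"
    echo "placeholder key"  > "$root/demoCA/private/cakey.pem"
    echo "placeholder cert" > "$root/demoCA/cacert.pem"
    chmod 755 "$root" "$root/demoCA" "$root/demoCA/private" "$root/demoCA/newcerts"
    chmod 644 "$root/demoCA/private/cakey.pem" "$root/demoCA/cacert.pem"
}

# Usage: sh audit_ca.sh ~/ca
if [ "$#" -gt 0 ]; then
    audit_ca_perms "$1"
fi
```

Running `umask 077` in the shell before any CA.sh command makes newly written files private from the start, so the audit stays clean between runs.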