@benny-shotvibe
Created February 22, 2014 10:03
Certificate Authority Commands

Reference: http://www.mad-hacking.net/documentation/linux/security/ssl-tls/creating-ca.xml

Setup

This directory structure is needed for the Certificate Authority:

mkdir -p private
mkdir -p demoCA/newcerts
touch demoCA/index.txt
[ -f demoCA/serial ] || echo 01 >> demoCA/serial

Generate Certificate Authority

This is done once.

openssl req -config /etc/ssl/openssl.cnf -newkey rsa:2048 -keyout private/cacert.key -out cacert.pem -x509 -days 3650 -extensions v3_ca

Create a new certificate

Step 1: Generate Certificate Request

This can be done on the host machine. Replace the string test with your chosen name.

openssl req -config /etc/ssl/openssl.cnf -newkey rsa:2048 -nodes -keyout private/test.key -out test.csr

Step 2: Sign the Certificate Request

Copy the "test.csr" file to the Certificate Authority machine and run this:

openssl ca -config /etc/ssl/openssl.cnf -in test.csr -out test.pem -keyfile private/cacert.key -cert cacert.pem -policy policy_anything -days 365
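
Checks to run around Step 2, as an added example that is not part of the original gist: inspect the request before signing it, then confirm that the issued certificate chains to the CA and belongs to the key that stayed on the host. The function names are hypothetical; the file names in the usage comments follow the commands above.

```shell
#!/bin/sh
# Added example: checks around "Step 2". Function names are hypothetical;
# file names (test.csr, test.pem, cacert.pem, private/test.key) follow the gist.

# On the CA machine, before signing: the CSR must be signed by the key it
# carries. The "verify OK" message is matched so the check does not depend on
# how a given OpenSSL release sets the exit status.
csr_self_signature_ok() {  # usage: csr_self_signature_ok test.csr
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# In the stock openssl.cnf, policy_anything does not tie the subject to the
# CA's own fields, so print the requested subject for review before signing.
csr_subject() {  # usage: csr_subject test.csr
    openssl req -in "$1" -noout -subject
}

# After signing: the certificate must chain to the CA certificate and carry
# exactly the public key that was in the CSR.
check_issued() {  # usage: check_issued test.pem test.csr cacert.pem
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$csr_pub" ]
}

# Back on the host: the returned certificate must match the private key that
# never left the machine.
key_matches_cert() {  # usage: key_matches_cert private/test.key test.pem
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}
```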