OpenSSL Certificate Authority
Install OpenSSL
Edit OpenSSL Configuration File
Create Self-Signed Root Certificate
Generate a Certificate Request
Create file for Database Index and Serial Number
Issue a Certificate from a Certificate Request
Revoke a Certificate
Generate Revocation List
Useful Links
#apt-get install openssl
Edit OpenSSL Configuration File
#vi /etc/ssl/openssl.cnf
Create Self-Signed Root Certificate
#openssl req -x509 -newkey rsa -out /etc/ssl/CA/cacert.pem -outform PEM
Generate a Certificate Request
#openssl req -newkey rsa -keyout /etc/ssl/tmp/tmpkey.pem -keyform PEM -out /etc/ssl/tmp/tmpreq.pem -outform PEM
Create file for Database Index and Serial Number
#echo '01' > /etc/ssl/serial
#touch /etc/ssl/index.txt
Issue a Certificate from a Certificate Request
#openssl ca -in /etc/ssl/tmp/tmpreq.pem -out /etc/ssl/certs/xxxcrt.pem
Revoke a Certificate
#cp /etc/ssl/newcerts/01.pem /etc/ssl/tmp/tmpcrt.pem
#openssl ca -revoke tmpcrt.pem
Generate Revocation List
#openssl ca -gencrl -out /etc/ssl/ca.crl
Useful Links
- http://www.technoids.org/openssl.cnf.html
- http://sapiens.wustl.edu/~sysmain/info/openssl/