OpenSSL Certificate Authority

Install OpenSSL
#apt-get install openssl

Edit OpenSSL Configuration File
#vi /etc/ssl/openssl.cnf

Create Self-Signed Root Certificate
#openssl req -x509 -newkey rsa -out /etc/ssl/CA/cacert.pem -outform PEM

Generate a Certificate Request
#openssl req -newkey rsa -keyout /etc/ssl/tmp/tmpkey.pem -keyform PEM -out /etc/ssl/tmp/tmpreq.pem -outform PEM

Create file for Database Index and Serial Number
#echo '01' > /etc/ssl/serial
#
touch /etc/ssl/index.txt

Issue a Certificate from a Certificate Request
#openssl ca -in /etc/ssl/tmp/tmpreq.pem -out /etc/ssl/certs/xxxcrt.pem

Revoke a Certificate
#cp /etc/ssl/newcerts/01.pem /etc/ssl/tmp/tmpcrt.pem
#openssl ca -revoke tmpcrt.pem

Generate Revocation List
#openssl ca -gencrl -out /etc/ssl/ca.crl

Useful Links
  • http://www.technoids.org/openssl.cnf.html
  • http://sapiens.wustl.edu/~sysmain/info/openssl/