One: Commands for configuring a private CA
1. Edit the configuration file /etc/pki/tls/openssl.cnf
Change dir from "../../CA" to "/etc/pki/CA"
You can also change the default country, province and city
mkdir certs newcerts crl
touch index.txt
touch serial
echo 01 > serial
2. Create a private key (the public key is derived from it)
In the /etc/pki/CA directory:
(umask 077; openssl genrsa 2048 > private/cakey.pem) or
(umask 077; openssl genrsa -out private/cakey.pem 2048)
Note: the -out option must come after genrsa
openssl rsa -in server.key -pubout (extracts the public key)
3. Generate the CA certificate
openssl req -new -x509 -key private/cakey.pem -out cacert.pem
Note: -new: generate a new certificate request
-x509: output a self-signed certificate instead of a request (required when generating the CA's own certificate)
openssl x509 -text -in server.crt (view the certificate contents)
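Two: Configure certificates
1. Generate the private key
(umask 077; openssl genrsa -out ssl/httpd.key 1024)
Note: a 1024-bit RSA key is no longer considered adequate; use 2048 bits or more, as for the CA key above
2. Generate a certificate signing request (CSR)
openssl req -new -key httpd.key -out httpd.csr
3. Have the CA sign the request
openssl ca -in httpd.csr -out httpd.crt -days 365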
Private CA commands and certificate configuration (summarized from Marco's Linux video tutorial)
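The whole procedure above, as an added example that is not part of the original notes: it builds the CA in a scratch directory with a minimal config of its own, signs one server request and verifies the result against the CA certificate. The function names, subject fields (C=XX, O=Example Org), the server name and the config contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the page's CA procedure in a scratch directory (constructed names).
make_ca() {                      # $1 = directory standing in for /etc/pki/CA
    ca=$1
    mkdir -p "$ca/certs" "$ca/newcerts" "$ca/crl" "$ca/private"
    : > "$ca/index.txt"          # database of issued certificates
    echo 01 > "$ca/serial"       # next serial number (hex); must not be empty
    cat > "$ca/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $ca
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
policy = policy_match
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048)
    openssl req -new -x509 -config "$ca/openssl.cnf" -days 3650 \
        -key "$ca/private/cakey.pem" -out "$ca/cacert.pem" \
        -subj "/C=XX/O=Example Org/CN=Example Private CA"
}
sign_server() {                  # $1 = CA directory, $2 = server common name
    ca=$1
    (umask 077; openssl genrsa -out "$ca/httpd.key" 2048)
    openssl req -new -config "$ca/openssl.cnf" -key "$ca/httpd.key" \
        -subj "/C=XX/O=Example Org/CN=$2" -out "$ca/httpd.csr"
    # C and O must equal the CA's, or policy_match rejects the request
    openssl ca -batch -config "$ca/openssl.cnf" -in "$ca/httpd.csr" \
        -out "$ca/httpd.crt" -days 365
    openssl verify -CAfile "$ca/cacert.pem" "$ca/httpd.crt"
}
# Usage: d=$(mktemp -d) && make_ca "$d" && sign_server "$d" www.example.test
```

After a successful run, serial holds 02, index.txt has one line starting with V (valid), and a copy of the issued certificate is kept as newcerts/01.pem.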