Create your own Certification Authority

From Notes

Jump to: navigation, search

Create a root CA certificate key pair (valid for 10 years) 

openssl req -config /etc/ssl/openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650

You probably want your configuration file to be different from any file you would use to create a CSR or certificate for any purpose other than your CA. The private key is essential to the trust of your CA and should be protected well.

Sign a Certificate Signing Request -- Issue a Certificate 

openssl ca -in <signing request>.csr > <certificate>.crt
Retrieved from "http://www.itsecureadmin.com/wiki/index.php/Create_your_own_Certification_Authority"
Personal tools