setting up a certificate authority using openssl _ simple things
8/22/2019 Setting Up a Certificate Authority Using Openssl _ Simple Things
01/08/13 Setting up a certificate authority using openssl | Simple Things
hexeract.wordpress.com/2009/04/16/60/ 1/4
Simple Things
Ink and Incapability
Setting up a certificate authority using openssl
Setting up your own certificate authority is easier than the openssl documentation may imply. In this demonstration, openssl 0.9.8k was used.
1. Create support files for the certificate authority

$ touch ca.db.index
$ echo "01" >ca.db.serial

2. Create the openssl configuration file ca.config

default_ca=CA_default
[ CA_default ]
dir=.
certs=.
new_certs_dir=.
database=ca.db.index
serial=ca.db.serial
RANDFILE=ca.db.rand
certificate=ca.crt
private_key=ca.key
default_days=365
default_crl_days=30
default_md=md5
preserve=no
policy=policy_anything
x509_extensions=certificate_extensions
[ policy_anything ]
countryName= optional
stateOrProvinceName= optional
localityName= optional
organizationName= optional
organizationalUnitName= optional
commonName= optional
emailAddress= optional
[ certificate_extensions ]
basicConstraints=CA:false
[ req ]
default_bits=1024
default_keyfile=ca.key
default_md=sha1
prompt=yes
distinguished_name=acme_ca
x509_extensions=root_ca_extensions
[ acme_ca ]
commonName=ACME Root CA
stateOrProvinceName=Rainbow
countryName=DE
emailAddress=info@invalid.example
organizationalUnitName=ACME Root CA
[ root_ca_extensions ]
basicConstraints=CA:true

3. Create the certificate authority key and certificate

For some odd reason you cannot hit return to accept the default values; re-enter one of them.

$ mypasswd=$(dd if=/dev/urandom ibs=1024 count=1 2>/dev/nu
$ echo $mypasswd >ca.key.passphrase
$ openssl genrsa -des3 -passout pass:$mypasswd -out ca.key 4096
$ openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -confi

4. Create a certificate signing request (for our CA to sign)

Preferably, do this in another directory so as not to get confused. Enter all data as requested, with the common name (CN) being signme.com.

$ mycn=signme.com
$ mypasswd=$(dd if=/dev/urandom ibs=1024 count=1 2>/dev/nu
$ echo $mypasswd >$mycn.key.passphrase
$ openssl genrsa -des3 -passout pass:$mypasswd -out $mycn.key 1024
$ openssl rsa -in $mycn.key -out $mycn.key.decrypted -passin pass:
$ openssl req -new -key $mycn.key -out $mycn.csr -passin pass:$myp

5. Sign the certificate signing request

Now the example certificate signing request can be signed by the newly created certificate authority.

$ name=signme.com
$ password=$(cat ca.key.passphrase)
$ openssl ca -config ./ca.config -passin pass:$password -out $name.

6. What the heck are all these files in the CA directory

ca.config: the certificate authority configuration file
ca.key: the certificate authority key file
ca.key.passphrase: the certificate authority key file passphrase
ca.crt: the certificate authority certificate (self-signed)
ca.db.index: keeps track of which certificate signing requests you have signed
ca.db.index.attr: keeps a configuration item for ca.db.index
$ openssl verify -CAfile ca.crt signme.com.crt

$ password=$(cat ca.key.passphrase)
$ openssl ca -gencrl -config ./ca.config -passin pass:$password -k

$ password=$(cat ca.key.passphrase)
$ openssl ca -config ./ca.config -passin pass:$password -revoke si
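
An added example, not part of the original post: a POSIX shell check that flags the digest and RSA key-size defaults used in the ca.config of step 2 (default_md=md5, default_md=sha1, default_bits=1024), since MD5 and SHA-1 signatures and 1024-bit RSA keys are no longer accepted for certificates. The function names, the output format and the 2048-bit floor are assumptions of this example, and the sample config is constructed from the values shown in step 2.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak digest and RSA
# key-size defaults in an openssl config. The function names, the output
# format and the 2048-bit floor are assumptions of this example.

# Print one finding per line as "section:key=value:reason".
audit_ca_config() {
    awk '
        # Remember the current [ section ]; keys before any header are global.
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[[ \t]*/, "", section)
            sub(/[ \t]*\].*$/, "", section)
            next
        }
        # Ignore comments and anything that is not key=value.
        /^[ \t]*#/ || !/=/ { next }
        {
            key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); sub(/#.*$/, "", val)
            gsub(/[ \t]/, "", val)
            sec = (section == "" ? "default" : section)
            if (key == "default_md" && tolower(val) ~ /^(md2|md4|md5|sha1)$/)
                print sec ":" key "=" val ":weak-digest"
            if (key == "default_bits" && val + 0 < 2048)
                print sec ":" key "=" val ":short-rsa-key"
        }
    ' "$1"
}

# Constructed sample: the digest and key-size lines of the ca.config above.
write_sample_config() {
    cat >"$1" <<'EOF'
default_ca=CA_default
[ CA_default ]
default_days=365
default_md=md5
[ req ]
default_bits=1024
default_md=sha1
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_ca_config "$sample"
rm -f "$sample"
```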