
Thursday, 30 July 2015

Creating a Local Certificate Authority, Signing and Requesting Certificates

In this tutorial I will be using CentOS to demonstrate the configuration of OpenSSL as a local certificate authority. Once this is set up, you can use this server to sign certificates for other servers on your network. In this example I will also generate the signing request on the CA server itself, but in production you would generate it on the requesting server, so that the private key never leaves that server.

1) Find out where the openssl.cnf file is located

which openssl

locate openssl.cnf

2) Change to the folder containing the openssl.cnf file and make a backup of the file

cd /etc/pki/tls

Use root user for the following

cp openssl.cnf openssl_bkup.cnf

3) Configure the cnf file as needed

vi openssl.cnf

Set the CA directory. A relative path is resolved from the directory where openssl is run, so the absolute path is the safer choice:

dir = ./local-ca or /etc/pki/local-ca

Under the [ req_distinguished_name ] heading you can modify the defaults as needed (this makes answering the prompts faster but is not required).

Modify the openssl configuration to enable the revocation list:

comment out "crlnumber"
should be #crlnumber after change

4) After the configuration edits, create the CA directory structure (in /etc/pki, the location used in step 5)

mkdir /etc/pki/local-ca
cd /etc/pki/local-ca
mkdir newcerts
mkdir certs
mkdir req
mkdir private
mkdir crl

echo "01" > serial

touch index.txt

5) Create the CA
cd /etc/pki/local-ca

openssl req -new -x509 -newkey rsa:2048 -keyout private/cakey.pem -out cacert.pem -days 3650

6) Create the request for a certificate from the Certificate Authority above (normally done on a different server)

openssl req -new -nodes -newkey rsa:2048 -keyout private/newsecuredserver.key -out req/newsecuredserver.req

7) Create the signed certificate from the request above (the validity period is set at signing time with -days)

openssl ca -policy policy_anything -days 1095 -out certs/newsecuredserver.pem -in req/newsecuredserver.req

The SSL certificate is the .pem file.
Key files are the .key files.

Back up the entire OpenSSL directory

Remember to keep the directory permissions
ls -Fla pki

Create the certificate revocation list

openssl ca -config openssl.cnf -gencrl -out /crl/pem

Revoking Certificates
openssl ca -revoke /System/Library/OpenSSL/groundsweel/certs/mainfinsrvprod/pem

Create new request after revoking the certificate
openssl req -new -nodes -out /System/Library/OpenSSL/mainfinsrvprod/req/mainfinsrvprodnew.req

Create new signed certificate

openssl ca -config /System/Library/OpenSSL/openssl.cnf -policy policy_anything -out /System/Library/OpenSSL/main0ca/certs/mainfinsrvprodnew.pem -infiles /System/Library/OpenSSL/main-ca/req/mainfinsrvprodnew.req
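
The whole cycle above (create the CA, sign a request, revoke, publish the CRL) as an added example, not code from the original post: it builds a throwaway CA in a temporary directory with its own minimal config, and the names demo-ca, server.example.test and ca.cnf are assumptions. It goes one step past the post by checking the certificate against the CRL with openssl verify -crl_check, which is how a relying server would actually notice the revocation.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir (never /etc/pki). demo-ca,
# server.example.test and ca.cnf are constructed names; keys are unencrypted
# (-nodes) only so the demo runs without prompts.
build_demo_ca() {                 # $1 = empty working directory
  ( cd "$1" && umask 077 && mkdir newcerts certs req private crl || exit 1
    echo 01 > serial; : > index.txt
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
certificate      = $dir/cacert.pem
private_key      = $dir/private/cakey.pem
default_md       = sha256
default_crl_days = 30
policy           = policy_anything
# no crlnumber entry, as in step 3, so -gencrl writes a V1 CRL
[ policy_anything ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -new -x509 -nodes -newkey rsa:2048 -config ca.cnf -days 3650 \
      -subj "/CN=demo-ca" -keyout private/cakey.pem -out cacert.pem &&
    openssl req -new -nodes -newkey rsa:2048 -config ca.cnf \
      -subj "/CN=server.example.test" -keyout private/server.key -out req/server.req &&
    openssl ca -batch -config ca.cnf -days 1095 -in req/server.req -out certs/server.pem
  ) >/dev/null 2>&1
}
revoke_server_cert() {            # marks the entry "R" in index.txt
  ( cd "$1" && openssl ca -config ca.cnf -revoke certs/server.pem ) >/dev/null 2>&1
}
publish_crl() {                   # must be re-run after every revocation
  ( cd "$1" && openssl ca -config ca.cnf -gencrl -out crl/crl.pem ) >/dev/null 2>&1
}
check_server_cert() {             # chain check plus revocation check
  ( cd "$1" && openssl verify -crl_check -CAfile cacert.pem \
      -CRLfile crl/crl.pem certs/server.pem 2>&1 )
}
# usage: d=$(mktemp -d); build_demo_ca "$d"; publish_crl "$d"; check_server_cert "$d"
```

Revoking only updates index.txt; until the CRL is regenerated and distributed, clients checking the old CRL still accept the certificate.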

