Run these commands:
CATOP=./personalCA
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
cd /etc/ssl
mkdir $CATOP
mkdir $CATOP/certs
mkdir $CATOP/crl
mkdir $CATOP/newcerts
mkdir $CATOP/private
echo "00" > $CATOP/serial
echo "00" > $CATOP/crlnumber
touch $CATOP/index.txt
export OPENSSL_CONF=/etc/ssl/personalCA.cnf
Copy /etc/ssl/openssl.cnf to personalCA.cnf and edit the OrganizationName, Country, State, etc. fields.
Then execute:
openssl req -new -keyout $CATOP/private/$CAKEY -out $CATOP/$CAREQ
Choose a complex passphrase and remember it! Without it the CA is completely useless. The command also asks for information about the CA.
Now we create our CA certificate; it asks for the passphrase:
openssl ca -out $CATOP/$CACERT -extensions v3_ca -days 36500 -keyfile $CATOP/private/$CAKEY -selfsign -infiles $CATOP/$CAREQ
Server certificate:
openssl req -new -nodes -keyout $CATOP/private/server_key.pem -out $CATOP/certs/server_req.pem
openssl ca -out $CATOP/certs/server_cert.pem -days 13000 -extensions server_cert -infiles $CATOP/certs/server_req.pem
Client certificate:
openssl req -new -nodes -keyout $CATOP/private/client01_key.pem -out $CATOP/certs/client01_req.pem
openssl ca -out $CATOP/certs/client01_cert.pem -days 10000 -infiles $CATOP/certs/client01_req.pem
That’s all.
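A preflight check for the CA directory built above, added here as an example (it is not part of the original post): it verifies the directory layout, that serial and crlnumber hold an even number of plain hex digits, and that the CA key is kept private and passphrase-protected. The function names are made up for this example; the cakey.pem path follows the CAKEY variable above.

```shell
#!/bin/sh
# Added example: check_ca_dir DIR prints each problem found in a CA
# directory and returns 0 only when there are none.

# serial and crlnumber must hold an even number of hex digits, nothing else
# (typographic quotes pasted from a web page fail this check).
is_hex_counter() {
    [ -f "$1" ] || return 1
    value=$(tr -d '\n' < "$1")
    case "$value" in
        ""|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ $(( ${#value} % 2 )) -eq 0 ]
}

# True when group and others have no permission bits on the path.
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

check_ca_dir() {
    ca=$1
    problems=0
    for d in certs crl newcerts private; do
        [ -d "$ca/$d" ] || { echo "missing directory: $ca/$d"; problems=$((problems + 1)); }
    done
    [ -f "$ca/index.txt" ] || { echo "missing file: $ca/index.txt"; problems=$((problems + 1)); }
    for f in serial crlnumber; do
        is_hex_counter "$ca/$f" || { echo "bad counter (want hex like 00): $ca/$f"; problems=$((problems + 1)); }
    done
    if [ -d "$ca/private" ] && ! is_owner_only "$ca/private"; then
        echo "private/ is accessible to group or others: chmod 700 $ca/private"
        problems=$((problems + 1))
    fi
    # Passphrase-protected PEM keys carry the word ENCRYPTED in their header.
    if [ -f "$ca/private/cakey.pem" ] && ! grep -q ENCRYPTED "$ca/private/cakey.pem"; then
        echo "CA key is stored without a passphrase: $ca/private/cakey.pem"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Run it as `check_ca_dir /etc/ssl/personalCA`; a non-zero exit status means at least one problem was printed.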