By Ashok Anumandla on Aug 31, 2009
Most Unix operating systems come with OpenSSL installed. If yours does not, install OpenSSL first, then follow the steps below.
Step 1: Run the following command to check whether openssl is already installed.
$ which openssl
(If you see output like /usr/bin/openssl, your system already has openssl installed; if not, install openssl.)
Step 2: Create a directory called openssl-ca
$ mkdir openssl-ca
$ cd openssl-ca
Step 3: Download the Makefile from http://sial.org/howto/openssl/ca/Makefile
Step 4: Download the openssl.cnf file from http://sial.org/howto/openssl/ca/openssl.cnf
Step 5: Edit the following line in the Makefile (use "-newkey rsa:2048" if running OpenSSL 0.9.8a or higher)
@openssl req -nodes -config openssl.cnf -days 1825 -x509 -newkey rsa:2048 -out ca-cert.pem -outform PEM
Step 6: Edit the following section of the openssl.cnf file as per your organization details
[ root_ca_distinguished_name ]
commonName = openssl CA
# Make sure you specify the abbreviation only
countryName = US
# No abbreviation
stateOrProvinceName = California
localityName = Santa Clara
0.organizationName = Sun Microsystems
emailAddress = email@example.com
Step 7: Run make init to create the openssl-ca certificate authority.
$ make init
Step 8: Check that all the folders have been created, to make sure the certificate authority is configured properly.
$ ls
Makefile crl newcerts private ca-cert.pem index openssl.cnf serial
(Note: ca-cert.pem is the root certificate.)
This concludes setting up OpenSSL as a certificate authority that can generate certificates for your applications.
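Step 8 only lists the directory. The shell function below is an added example, not part of the original post or the sial.org Makefile: it reads ca-cert.pem back and checks that it really is a usable, self-signed CA certificate, and that the private directory is closed to other users, which matters because -nodes in step 5 writes the CA key unencrypted. It assumes the layout shown in step 8 (ca-cert.pem and private/ inside the CA directory); the name check_ca is hypothetical.

```shell
#!/bin/sh
# check_ca DIR: sanity-check the CA that "make init" left in DIR (added example).
# Prints one line per failed check; returns 0 only if all checks pass.
check_ca() {
    dir=$1; cert="$dir/ca-cert.pem"; rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    [ -f "$cert" ] || { echo "FAIL: $cert not found"; return 1; }
    text=$(openssl x509 -in "$cert" -noout -text) ||
        { echo "FAIL: $cert is not a readable certificate"; return 1; }

    # A root certificate is self-signed: subject equals issuer, and the
    # signature verifies with the certificate's own public key.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || fail "subject and issuer differ"
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 ||
        fail "self-signature does not verify"

    # It must be marked as a CA, or chain validation rejects what it signs.
    printf '%s\n' "$text" | grep -q 'CA:TRUE' || fail "basicConstraints CA:TRUE missing"

    # Step 5 asks for rsa:2048; read the real size back from the certificate.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || fail "key is ${bits:-?} bits, expected >= 2048"

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        fail "certificate has expired"

    # -nodes stores the CA key unencrypted, so file permissions are its only
    # protection: nothing under private/ may be open to group or other.
    [ -d "$dir/private" ] || fail "$dir/private is missing"
    for p in "$dir/private" "$dir/private"/*; do
        [ -e "$p" ] || continue
        case $(ls -ld "$p" | cut -c5-10) in
            ------) ;;
            *) fail "$p is accessible to group or other" ;;
        esac
    done
    return $rc
}

# Run as a script: sh check_ca.sh ~/openssl-ca
if [ $# -gt 0 ]; then check_ca "$1"; fi
```

If the permission check fails, chmod 700 on private and chmod 600 on the files inside it closes the gap.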