By Ashok Anumandla on Aug 31, 2009
Here are the detailed steps to set up OpenSSL as a Certificate Authority.
Most Unix operating systems come with OpenSSL installed; if yours does not, install OpenSSL first, then follow these steps.
Step 1: Run the following command to check whether openssl is already installed.
$ which openssl
(If you see output like /usr/bin/openssl, your system already has openssl installed; if not, install openssl.)
Step 2: Create a directory called openssl-ca
$ mkdir openssl-ca
$ cd openssl-ca
Step 3: Download the Makefile from http://sial.org/howto/openssl/ca/Makefile
Step 4: Download the openssl.cnf file from http://sial.org/howto/openssl/ca/openssl.cnf
Step 5: Edit the following line in the Makefile (use "-newkey rsa:2048" if running OpenSSL 0.9.8a or higher)
@openssl req -nodes -config openssl.cnf -days 1825 -x509 -newkey rsa:2048 -out ca-cert.pem -outform PEM
Step 6: Edit the following section of the openssl.cnf file with your organization's details
[ root_ca_distinguished_name ]
commonName = openssl CA
countryName = US # Make sure you specify the abbreviation only
stateOrProvinceName = California # No abbreviation
localityName = Santa Clara
0.organizationName = Sun Microsystems
emailAddress = firstname.lastname@example.org
Step 7: Run make init to create the openssl-ca certificate authority.
$ make init
Step 8: Check that all the folders have been created, to make sure the certificate authority is configured properly.
$ ls
Makefile crl newcerts private ca-cert.pem index openssl.cnf serial
(Note: ca-cert.pem is the root certificate)
This concludes setting up OpenSSL as a certificate authority that can generate certificates for your applications.
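The script below is an added example, not part of the original post or of the downloaded Makefile. It audits the result of Step 8: the listed entries exist, private/ is readable by its owner only (the -nodes option in Step 5 writes the CA key unencrypted), and ca-cert.pem is a self-signed, unexpired CA certificate with a key of at least 2048 bits. The function names are hypothetical, and it assumes the CA key is stored under private/ and that the configuration sets basicConstraints CA:TRUE on the root.

```shell
#!/bin/sh
# Added example: audit the directory that "make init" creates (Step 8 listing).
# Assumption: CA key material sits under private/; its file name is not given on the page.

# Check that every Step 8 entry exists and that private/ is owner-only.
check_ca_layout() {
    dir=${1:-.}; rc=0
    for entry in Makefile openssl.cnf ca-cert.pem index serial crl newcerts private; do
        [ -e "$dir/$entry" ] || { echo "MISSING  $entry"; rc=1; }
    done
    # -nodes writes the CA key unencrypted, so file modes are its only protection.
    if [ -d "$dir/private" ]; then
        loose=$(find "$dir/private" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \))
        [ -z "$loose" ] || { echo "LOOSE PERMS  $loose"; rc=1; }
    fi
    return $rc
}

# Check that the root certificate is self-signed, a CA, unexpired and >= 2048 bits.
# Assumption: the root is expected to carry basicConstraints CA:TRUE.
check_root_cert() {
    cert=$1; rc=0
    text=$(openssl x509 -in "$cert" -noout -text) || { echo "UNREADABLE  $cert"; return 1; }
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^[^=]*= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^[^=]*= *//')
    [ "$subj" = "$issr" ] || { echo "NOT SELF-SIGNED"; rc=1; }
    echo "$text" | grep -q 'CA:TRUE' || { echo "NO CA:TRUE basicConstraints"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || { echo "EXPIRED"; rc=1; }
    bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "WEAK KEY  ${bits:-?} bits"; rc=1; }
    return $rc
}
```

After Step 8, source the script and run `check_ca_layout . && check_root_cert ca-cert.pem` from inside openssl-ca; each failed check prints one line and the function returns non-zero.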