Monday Aug 31, 2009

Detailed steps to set up an OpenSSL certificate authority

Here are the detailed steps to set up OpenSSL as a Certificate Authority.

Most Unix operating systems come with OpenSSL installed; if yours does not, install OpenSSL first, then follow the steps below.

Step 1: Run the following command to check whether openssl is already installed.

$ which openssl

If you see output like /usr/bin/openssl, your system already has openssl installed; if not, install openssl.

Step 2: Create directory called openssl-ca

$ mkdir openssl-ca

$ cd openssl-ca

Step 3: Download the Makefile from http://sial.org/howto/openssl/ca/Makefile

Step 4: Download the openssl.cnf file from http://sial.org/howto/openssl/ca/openssl.cnf

Step 5: Edit the following line in the Makefile (use "-newkey rsa:2048" if running OpenSSL 0.9.8a or higher). Note that -nodes writes the CA private key without a passphrase, so the key file's permissions are its only protection.

@openssl req -nodes -config openssl.cnf -days 1825 -x509 -newkey rsa:2048 -out ca-cert.pem -outform PEM

Step 6: Edit the following section of the openssl.cnf file to match your organization's details

[ root_ca_distinguished_name ]

commonName = openssl CA

countryName = US # abbreviation only

stateOrProvinceName = California # no abbreviation

localityName = Santa Clara

0.organizationName = Sun Microsystems

emailAddress = contact@sun.com

Step 7: Run make init to create the openssl-ca certificate authority.

$ make init

Step 8: Check that all the folders were created, to make sure the certificate authority is configured properly.

$ ls

Makefile crl newcerts private ca-cert.pem index openssl.cnf serial

(Note: ca-cert.pem is the root certificate.)

This concludes the creation of openssl as a certificate authority to generate certificates for your applications.
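
The check in step 8 can go further than listing files. The script below is an added example, not part of the original post or the sial.org Makefile: it reads the root certificate back and confirms it is self-signed, marked CA:TRUE, at least 2048 bits, and paired with a private key that only its owner can read. The names check_ca, make_demo_ca, demo.cnf and ca-key.pem are assumptions, and the CA it builds in a temporary directory is constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: verify a root CA created as in steps 5-8.
# Assumed names: check_ca, make_demo_ca, demo.cnf, ca-key.pem; the CA below is constructed.

# check_ca CERT KEY -> prints FAIL lines; returns 0 only when every check passes.
check_ca() {
  local cert=$1 key=$2 rc=0 text subj iss bits
  text=$(openssl x509 -in "$cert" -noout -text) || return 2
  subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
  # A root certificate is self-signed: subject and issuer must match.
  [ "$subj" = "$iss" ] || { echo "FAIL: subject != issuer"; rc=1; }
  # Without CA:TRUE, clients reject certificates issued under it.
  echo "$text" | grep -q 'CA:TRUE' || { echo "FAIL: basicConstraints is not CA:TRUE"; rc=1; }
  # Step 5 asks for rsa:2048; read the size back from the certificate.
  bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-unknown} bits"; rc=1; }
  # -nodes leaves the key unencrypted, so the file mode is its only protection.
  [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || { echo "FAIL: key readable by group/other"; rc=1; }
  # The key must be the one the certificate was issued for.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
    || { echo "FAIL: key does not match certificate"; rc=1; }
  return $rc
}

# make_demo_ca DIR TRUE|FALSE -> writes a constructed throwaway CA into DIR.
make_demo_ca() {
  local d=$1
  printf '%s\n' '[ req ]' 'distinguished_name = dn' 'prompt = no' 'x509_extensions = ext' \
    '[ dn ]' 'commonName = constructed demo CA' \
    '[ ext ]' "basicConstraints = critical,CA:$2" > "$d/demo.cnf"
  openssl req -nodes -config "$d/demo.cnf" -days 1825 -x509 -newkey rsa:2048 \
    -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" -outform PEM 2>/dev/null
  chmod 600 "$d/ca-key.pem"
}

# Demo run against the constructed CA.
demo=$(mktemp -d)
make_demo_ca "$demo" TRUE && check_ca "$demo/ca-cert.pem" "$demo/ca-key.pem" && echo "demo CA: OK"
rm -rf "$demo"
```

To check a real CA, call check_ca with the path to ca-cert.pem and the path to the CA key under private.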
About

Ashok Anumandla
