- Change directory to the default CA directory:
# cd /etc/pki/CA
- Create an index file for new certs:
# touch index.txt
- Set first certificate number:
# echo '01' > serial
# echo '01' > crlnumber
- Create your CA cert and private key for your CA server:
# openssl req -new -x509 -extensions v3_ca -keyout private/ca-cert.key -out certs/ca-cert.crt -days 365
Enter PEM pass phrase: <your passphrase>
Confirm PEM pass phrase: <your passphrase>
Country Name: IN
State: West Bengal
City: Kolkata
Organization: Example
Organizational Unit: Example
Common Name: CA
E-mail Address: [email protected]
- Set permissions on your private key:
# chmod 400 private/ca-cert.key
Now, when you get a new certificate request, perform the following actions to generate a new cert signed by the CA server:
- From your CA server, change directory to /etc/pki/CA:
# cd /etc/pki/CA
- Copy your certificate request to the /etc/pki/CA/crl directory:
# cp /root/ds1.csr /etc/pki/CA/crl
- Sign your cert using your CA:
# openssl ca -in crl/ds1.csr -out newcerts/ds1.pem -keyfile private/ca-cert.key -cert certs/ca-cert.crt
Sign cert? y
Commit? y
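The procedure above run end to end against a throwaway CA, as an added example that is not part of the original page. It assumes a temporary directory instead of /etc/pki/CA, a minimal constructed ca.cnf, constructed subjects, and -batch/-nodes/-subj in place of the interactive prompts, then checks that the issued certificate verifies against the CA certificate.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir. All names and subjects are constructed.
demo_ca() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    cd "$d" || exit 1
    mkdir private certs newcerts crl || exit 1
    touch index.txt
    echo '01' > serial      # plain ASCII quotes: the file must hold valid hex
    # Minimal config so the demo does not depend on the system openssl.cnf
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
default_md = sha256
default_days = 30
policy = policy_demo
[ policy_demo ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    {
        # -nodes skips the pass phrase prompt; demo only, a real CA key stays encrypted
        openssl req -new -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
            -subj '/CN=Demo CA' -keyout private/ca-cert.key -out certs/ca-cert.crt -days 30 &&
        chmod 400 private/ca-cert.key &&
        # Stand-in for the requester's ds1.csr
        openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
            -subj '/CN=ds1.example.test' -keyout ds1.key -out crl/ds1.csr &&
        # -batch answers the "Sign cert?" and "Commit?" prompts
        openssl ca -batch -config ca.cnf -in crl/ds1.csr -out newcerts/ds1.pem \
            -keyfile private/ca-cert.key -cert certs/ca-cert.crt &&
        # The issued cert must chain to the CA cert
        openssl verify -CAfile certs/ca-cert.crt newcerts/ds1.pem
    } >&2 || exit 1
    # Next serial and the status flag of the first index.txt entry
    echo "$(cat serial) $(cut -c1 index.txt)"
)
demo_ca   # prints: 02 V
```

On the real CA, the same `openssl verify -CAfile certs/ca-cert.crt newcerts/ds1.pem` check can be run after signing, before the certificate is handed back to the requester.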