Certificate Authority

A Certificate Authority or Certification Authority (CA) is an entity that issues digital certificates for use by other parties. For more information on Certificate Authorities, visit the Wikipedia article found here.

This documentation uses variables denoted with a $ followed by a keyword and emphasized with red text (e.g. $variable). Replace these variables with appropriate values. Suggested default values are denoted with a variable followed by an equal sign and a value (e.g. $variable = value).

Create a Certificate Authority (CA)

  1. Change your working directory to /etc/pki/CA
    cd /etc/pki/CA
  2. Create a certificate authority good for ten years
    openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
    Enter PEM pass phrase: $password
    Re-Enter PEM pass phrase: $password
    Country Name: $country
    State or Province Name: $state
    Locality Name: $city
    Organization Name: $company
    Organizational Unit Name: $department = Certificate Authority
    Common Name: ca.$domain
    Email Address: ca@$domain
  3. Restrict access to the private key so that only root can read it
    chmod 0400 private/ca.key
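
To confirm the result of the steps above, the following added example (not part of the original documentation) checks the key's permissions and pass-phrase protection and the certificate's CA flag and expiry. The function names and the `audit` argument are hypothetical, and the CA:TRUE check assumes the v3_ca section of a stock openssl.cnf.

```shell
#!/bin/sh
# Added example: checks for the CA created in steps 1-3 above.
# Function names are hypothetical; paths follow the page's layout.
CA_DIR="${CA_DIR:-/etc/pki/CA}"

# Octal mode and numeric owner of a file (GNU stat first, then BSD stat).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_uid()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Step 3: key must be mode 400 and owned by the expected uid (0 = root).
check_key_perms() {
    key="$1"; uid="${2:-0}"
    [ -f "$key" ] || { echo "FAIL: $key is missing"; return 1; }
    mode="$(file_mode "$key")"
    [ "$mode" = "400" ] || { echo "FAIL: $key mode is $mode, want 400"; return 1; }
    [ "$(file_uid "$key")" = "$uid" ] || { echo "FAIL: $key not owned by uid $uid"; return 1; }
    echo "OK: $key is mode 400 and owned by uid $uid"
}

# Step 2: a pass phrase was entered, so the PEM header must say ENCRYPTED
# (PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY" or legacy "Proc-Type: 4,ENCRYPTED").
check_key_encrypted() {
    grep -q 'ENCRYPTED' "$1" || { echo "FAIL: $1 is not pass-phrase protected"; return 1; }
    echo "OK: $1 is pass-phrase protected"
}

# Step 2: certificate must carry CA:TRUE (assumed to come from the stock
# v3_ca section) and must not expire within N days (second argument, default 30).
check_ca_cert() {
    crt="$1"; days="${2:-30}"
    text="$(openssl x509 -in "$crt" -noout -text 2>/dev/null)" ||
        { echo "FAIL: cannot parse $crt"; return 1; }
    printf '%s\n' "$text" | grep -q 'CA:TRUE' ||
        { echo "FAIL: $crt lacks basicConstraints CA:TRUE"; return 1; }
    openssl x509 -in "$crt" -noout -checkend "$((days * 86400))" >/dev/null ||
        { echo "FAIL: $crt expires within $days days"; return 1; }
    echo "OK: $crt is a CA certificate valid for more than $days days"
}

# Run every check when invoked as: sh ca-check.sh audit
if [ "${1:-}" = "audit" ]; then
    check_key_perms "$CA_DIR/private/ca.key" &&
        check_key_encrypted "$CA_DIR/private/ca.key" &&
        check_ca_cert "$CA_DIR/certs/ca.crt"
fi
```

Run it as root, since after step 3 only root can read private/ca.key.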


Open Source Software: