Certificate Authority (CA)

How to configure a CA (Certificate Authority)
-----------------------------------------------------------------------------

Step-1

First, open the following file to set the file names of the CA's private key and public key (certificate).

]# vim /etc/pki/tls/openssl.cnf
Find the following line and change the public key (certificate) file name for the CA, most probably on line 50:
certificate = $dir/my-ca.crt

Find the following line and change the private key file name for the CA, most probably on line 55:
private_key = $dir/private/my-ca.key


ESC
:wq!

Step-2

Now check whether the following directories exist; if they do not, create them.
( certs, crl, newcerts, private )

]# cd /etc/pki/CA
]# ls
certs crl newcerts private

Step-3

Now create the index.txt file.

]# touch /etc/pki/CA/index.txt

Step-4

Create the serial file holding the next serial number, which will be used when a new certificate is issued.

]# echo 01 > /etc/pki/CA/serial

Step-5

Now create the CA's private key.

]# openssl genrsa -des3 -out /etc/pki/CA/private/my-ca.key 2048

Step-6

Create the CA's self-signed certificate. Write it to the path set for "certificate" in Step-1.

]# openssl req -new -x509 -key /etc/pki/CA/private/my-ca.key -days 365 -out /etc/pki/CA/my-ca.crt

-----------------------*---*---*-----------------------------

How to create CA signed certificate
====================================
Step-1 First, log in as the user and generate a private key.

]# openssl genrsa -out some.key 2048

Step-2 Create a certificate signing request (CSR) from the private key.

]# openssl req -new -key some.key -out some.csr

Step-3 Create the certificate from the CSR.

]# openssl ca -in some.csr -out some.crt



-----------------------*---*---*-----------------------------
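
Both procedures above as one non-interactive script, added here as an example and not part of the original page: it builds the same layout in a scratch directory, signs a CSR, and checks with openssl verify that the issued certificate chains to the CA. The minimal openssl.cnf, the subjects, the passphrase and the 2048-bit user key are assumptions of the example.

```shell
#!/bin/sh
# Added example: the steps above replayed in a scratch directory, not /etc/pki/CA.
# Subjects, file names under $dir and the passphrase are constructed for the demo.
demo_ca() {
    dir=$1; pw=pass:demo-only
    # Steps 2-4: directory layout, empty database, first serial number
    mkdir -p "$dir/certs" "$dir/crl" "$dir/newcerts" "$dir/private" || return 1
    chmod 700 "$dir/private"
    touch "$dir/index.txt" && echo 01 > "$dir/serial" || return 1
    # Step 1: minimal stand-in for openssl.cnf (assumed layout, only what is needed)
    cat > "$dir/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $dir
new_certs_dir = \$dir/newcerts
database = \$dir/index.txt
serial = \$dir/serial
certificate = \$dir/my-ca.crt
private_key = \$dir/private/my-ca.key
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Steps 5-6: passphrase-protected CA key, then the self-signed CA certificate
    openssl genrsa -aes256 -passout "$pw" -out "$dir/private/my-ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -config "$dir/openssl.cnf" -key "$dir/private/my-ca.key" \
        -passin "$pw" -subj "/CN=Demo CA" -days 365 -out "$dir/my-ca.crt" || return 1
    # User side: private key and CSR
    openssl genrsa -out "$dir/some.key" 2048 2>/dev/null || return 1
    openssl req -new -config "$dir/openssl.cnf" -key "$dir/some.key" \
        -subj "/CN=host.example.test" -out "$dir/some.csr" || return 1
    # CA side: sign the CSR; -batch skips the interactive confirmation
    openssl ca -batch -config "$dir/openssl.cnf" -passin "$pw" \
        -in "$dir/some.csr" -out "$dir/some.crt" 2>/dev/null || return 1
    # Check: the issued certificate must chain to the CA certificate
    openssl verify -CAfile "$dir/my-ca.crt" "$dir/some.crt" >/dev/null
}
# Usage: d=$(mktemp -d) && demo_ca "$d" && cat "$d/index.txt"
```

After a successful run, index.txt holds one valid ("V") entry, the serial file has advanced, and a copy of the issued certificate sits in newcerts.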