Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


Simple root CA Server


yum install openssl-perl

Create CA

/etc/pki/tls/misc/ -newca

Create CSR and sign

Create certificate sign request

/etc/pki/tls/misc/ -newreq

Create sign request

/etc/pki/tls/misc/ -signreq

Create a PKCS#12 file containing signed certificate and private key

/etc/pki/tls/misc/ -pkcs12 "My Test Certificate"

Extract key and certificate

openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem
openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem

Install CA root certificate on client

openssl x509 -in cacert.pem -out cacert.crt
cp cacert.crt /etc/pki/ca-trust/source/anchors/


openssl verify -purpose sslserver -CAfile /etc/pki/ca-trust/extracted/openssl/ client.crt
simple_root_ca_centos_6.5.txt · Last modified: 2014/07/17 09:43 by admin