Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


simple_root_ca_centos_6.5

Simple root CA Server

Install CA.pl

yum install openssl-perl

Create CA

/etc/pki/tls/misc/CA.pl -newca

Create CSR and sign

Create certificate sign request

/etc/pki/tls/misc/CA.pl -newreq

Create sign request

/etc/pki/tls/misc/CA.pl -signreq

Create a PKCS#12 file containing signed certificate and private key

/etc/pki/tls/misc/CA.pl -pkcs12 "My Test Certificate"

Extract key and certificate

openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem
openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem

Install CA root certificate on client

openssl x509 -in cacert.pem -out cacert.crt
cp cacert.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust

Verify

openssl verify -purpose sslserver -CAfile /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt client.crt
simple_root_ca_centos_6.5.txt · Last modified: 2014/07/17 09:43 by admin