{{tag>[ssl tls ca centos6.5 security]}}

===== Simple root CA Server =====

==== Install CA.pl ====

  yum install openssl-perl

==== Create CA ====

  /etc/pki/tls/misc/CA.pl -newca

===== Create CSR and sign =====

==== Create certificate signing request ====

  /etc/pki/tls/misc/CA.pl -newreq

==== Sign the request ====

  /etc/pki/tls/misc/CA.pl -signreq

==== Create a PKCS#12 file containing signed certificate and private key ====

  /etc/pki/tls/misc/CA.pl -pkcs12 "My Test Certificate"

===== Extract key and certificate =====

  openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem
  openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem

===== Install CA root certificate on client =====

  openssl x509 -in cacert.pem -out cacert.crt
  cp cacert.crt /etc/pki/ca-trust/source/anchors/
  update-ca-trust

==== Verify ====

  openssl verify -purpose sslserver -CAfile /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt client.crt
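Added example, not part of the original page: a non-interactive check that the key and certificate extracted from the PKCS#12 file belong together and that the certificate chains to cacert.pem. The function names, the throwaway CA built with plain openssl in place of the interactive CA.pl, and the password ''pass:demo'' are constructed for the demo.

```shell
#!/bin/sh
# check_pair KEY CERT CAFILE
# 0 = KEY is the private key of CERT and CERT verifies against CAFILE
# 1 = key/cert mismatch, 2 = unreadable input, 3 = chain verification failed
check_pair() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] || return 1
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 3
}

# Constructed sample data: builds a throwaway PKI in directory $1.
make_demo_pki() {
    d=$1
    # Self-signed root (stands in for the CA.pl -newca output)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    # Key and CSR, then signing (stands in for -newreq and -signreq)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout "$d/newkey.pem" -out "$d/newreq.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/newreq.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 1 -out "$d/newcert.pem" 2>/dev/null || return 1
    # Bundle into PKCS#12, then extract key and certificate as on the page
    openssl pkcs12 -export -inkey "$d/newkey.pem" -in "$d/newcert.pem" \
        -name "My Test Certificate" -passout pass:demo -out "$d/mycert.p12" || return 1
    openssl pkcs12 -nocerts -nodes -in "$d/mycert.p12" -passin pass:demo \
        -out "$d/userkey.pem" 2>/dev/null || return 1
    openssl pkcs12 -clcerts -nokeys -in "$d/mycert.p12" -passin pass:demo \
        -out "$d/usercert.pem" 2>/dev/null || return 1
    # Unrelated key for the negative case
    openssl genrsa -out "$d/otherkey.pem" 2048 2>/dev/null || return 1
    # Private keys should not be readable by other users
    chmod 600 "$d"/*key.pem
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" || exit 1
check_pair "$demo_dir/userkey.pem" "$demo_dir/usercert.pem" "$demo_dir/cacert.pem" \
    && echo "key matches certificate, chain OK"
check_pair "$demo_dir/otherkey.pem" "$demo_dir/usercert.pem" "$demo_dir/cacert.pem" \
    || echo "mismatched key rejected (rc=$?)"
rm -rf "$demo_dir"
```

The demo extracts the key with ''-nodes'' so it runs unattended; without it, as in the commands on the page, openssl prompts for a passphrase and writes an encrypted userkey.pem.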