Create a CA

Saturday, 8. January 2011

I was tired of having all these invalid or untrusted certs on my network applications and devices so I decided to load up a CentOS box with OpenSSL and make my own Certificate Authority (CA).  Here is how I did it.

Steps:

  1. Change directory to /etc/pki/tls
  2. Edit the openssl.cnf and make the following changes.
    1. Change HOME from . to /etc/pki/tls
    2. Under [ CA_default ] change dir from ../../CA to ../CA
    3. Under [ policy_match ] change all the entries that are set to match to supplied
    4. Under [ req_distinguished_name ] change all entries to the correct ones for the location of the CA
  3. Create the index.txt file
    1. touch /etc/pki/CA/index.txt
  4. Create the serial file
    1. echo '01' > /etc/pki/CA/serial
  5. Generate the CA Cert and Key
    1. openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650
  6. Generate the crl
    1. openssl ca -gencrl -out crl.pem

Once that is done, the server is ready to create certs from requests.  I do this by placing the cert request in a directory accessible by both the CA and the requester.  Once the request has been generated and is accessible by the CA, run the following command to generate the cert.

openssl ca -in /mnt/cert-request.txt -out /mnt/server.cer -days 365

This will create the cert server.cer (cer is used for IIS; if a different extension is needed, replace cer with what is desired) and it will be good for 1 year.  Once the cert is generated, it is ready to be applied to the requester.

NOTE:  To have CRL work correctly, the ca.crl file needs to be published to the web.  Usually it is at server.domain.com/crl.pem.  Otherwise, depending on the browser, an error will show with the cert if the ca.crl file is not accessible.
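
The procedure above, run end to end in a throwaway directory, as an added example that is not part of the original post. It assumes a minimal constructed openssl.cnf instead of the edited /etc/pki/tls one, constructed subjects (Example, Demo CA, server.example.test) and hypothetical function names, and it goes one step further than the post by revoking the issued cert and regenerating the CRL, which is what clients checking the published CRL would then act on.

```shell
build_demo_ca() {                       # scratch CA; prints the temp directory path
  d=$(mktemp -d) || return 1
  mkdir -p "$d/CA/private" "$d/CA/newcerts"
  touch "$d/CA/index.txt"               # step 3: empty certificate database
  echo '01' > "$d/CA/serial"            # step 4: first serial number
  cat > "$d/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d/CA
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_crl_days = 30
policy = policy_match
[ policy_match ]
organizationName = supplied
commonName = supplied
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
[ req_distinguished_name ]
[ v3_ca ]
basicConstraints = critical,CA:true
EOF
  {
    # step 5: CA key and self-signed cert (-nodes: unencrypted key, scratch use only)
    openssl req -config "$d/openssl.cnf" -new -x509 -nodes -newkey rsa:2048 -days 3650 \
      -subj "/O=Example/CN=Demo CA" -keyout "$d/CA/private/cakey.pem" -out "$d/CA/cacert.pem" &&
    # requester side: key and certificate request
    openssl req -config "$d/openssl.cnf" -new -nodes -newkey rsa:2048 \
      -subj "/O=Example/CN=server.example.test" -keyout "$d/server.key" -out "$d/cert-request.txt" &&
    # CA side: sign the request, then step 6: generate the CRL
    openssl ca -config "$d/openssl.cnf" -batch -in "$d/cert-request.txt" -out "$d/server.cer" -days 365 &&
    openssl ca -config "$d/openssl.cnf" -gencrl -out "$d/crl.pem"
  } >/dev/null 2>&1 || return 1
  echo "$d"
}
revoke_and_republish() {                # $1 = scratch dir; revokes server.cer, rewrites crl.pem
  { openssl ca -config "$1/openssl.cnf" -revoke "$1/server.cer" &&
    openssl ca -config "$1/openssl.cnf" -gencrl -out "$1/crl.pem"; } >/dev/null 2>&1
}
check_cert() {                          # $1 = scratch dir; prints "valid" or "rejected"
  openssl verify -crl_check -CAfile "$1/CA/cacert.pem" -CRLfile "$1/crl.pem" "$1/server.cer" \
    2>/dev/null | grep -q ': OK' && echo valid || echo rejected
}
```

Call build_demo_ca, pass the path it prints to check_cert, then run revoke_and_republish and check_cert again to see the result change once the new CRL is in place.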
