TLS Cookbook
From radmind
Creating a Certificate Authority
- Create the Certificate Authority directory structure:
-
- [server] root# cd /var/radmind
- [server] root# mkdir CA
- [server] root# mkdir CA/certs
- [server] root# mkdir CA/crl
- [server] root# mkdir CA/newcerts
- [server] root# mkdir CA/private
- [server] root# echo "01" > CA/serial
- [server] root# touch CA/index.txt
-
- Download the example OpenSSL configuration file from http://www.rsug.itd.umich.edu/software/radmind/files/openssl.cnf into the CA directory.
- Create a self-signed certificate authority (CA) certificate and an encrypted private key.
-
- [server] root# cd /var/radmind/CA
- [server] root# openssl req -new -x509 -days 400 -keyout \
- private/CAkey.pem -out ca.pem -config openssl.cnf
-
Creating a Certificate
- Create a certificate request and an unencrypted private key:
-
- [server] root# cd /var/radmind/CA
- [server] root# openssl req -new -keyout key.pem -out req.pem \
- -days 360 -config openssl.cnf -nodes
-
- Sign the certificate request with the CA’s certificate and private key.
-
- [server] root# cat req.pem key.pem > new-req.pem
- [server] root# openssl ca -policy policy_match -out out.pem \
- -config openssl.cnf -infiles new-req.pem
-
- Combine the certificate and key into one file:
-
- [server] root# cat out.pem key.pem > cert.pem
-
- Remove temporary files:
-
- [server] root# rm req.pem new-req.pem out.pem
-
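To sanity-check the result of the steps above, the following added example (not part of the original radmind page) verifies that cert.pem chains to ca.pem, that the appended key matches the certificate, and that the file holding the unencrypted key is closed to group and other. The function name check_tls_files is hypothetical, and the 30-day expiry check goes beyond what the page describes.

```shell
#!/bin/sh
# Added example: sanity-check the files the cookbook produces.
# check_tls_files is a hypothetical helper name, not a radmind tool.
# Usage: check_tls_files ca.pem cert.pem
# Returns 0 when every check passes, 1 otherwise.
check_tls_files() {
    ca=$1 cert=$2 rc=0

    # 1. The certificate at the top of cert.pem must chain to the CA.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2; rc=1
    fi

    # 2. The private key appended to cert.pem must belong to the
    #    certificate: compare the public key stored in the certificate
    #    with the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$cert" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: key and certificate in $cert do not match" >&2; rc=1
    fi

    # 3. cert.pem holds an unencrypted key (-nodes), so group and other
    #    must have no access. Characters 5-10 of the ls mode string are
    #    the group/other permission bits.
    perms=$(ls -ld "$cert" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $cert is accessible to group/other (chmod 600)" >&2; rc=1
    fi

    # 4. Flag a certificate that expires within 30 days (2592000 s).
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $cert expires within 30 days" >&2; rc=1
    fi
    return $rc
}
```

Run it from /var/radmind/CA as `check_tls_files ca.pem cert.pem` after the last step.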