TLS Cookbook

From radmind

Revision as of 10:01, 27 November 2006 by Mcneal (Talk | contribs)

Creating a Certificate Authority

  1. Create the Certificate Authority directory structure:
    [server] root# cd /var/radmind
    [server] root# mkdir CA
    [server] root# mkdir CA/certs
    [server] root# mkdir CA/crl
    [server] root# mkdir CA/newcerts
    [server] root# mkdir CA/private
    [server] root# echo "01" > CA/serial
    [server] root# touch CA/index.txt
  2. Download the example OpenSSL configuration file from http://www.rsug.itd.umich.edu/software/radmind/files/openssl.cnf into the CA directory.
  3. Create a self-signed certificate authority (CA) certificate and an encrypted private key.
    [server] root# cd /var/radmind/CA
    [server] root# openssl req -new -x509 -days 400 -keyout \
    private/CAkey.pem -out ca.pem -config openssl.cnf

Creating a Certificate

  1. Create a certificate request and an unencrypted private key:
    [server] root# cd /var/radmind/CA
    [server] root# openssl req -new -keyout key.pem -out req.pem \
    -days 360 -config openssl.cnf -nodes
  2. Sign the certificate request with the CA’s certificate and private key.
    [server] root# cat req.pem key.pem > new-req.pem
    [server] root# openssl ca -policy policy_match -out out.pem \
    -config openssl.cnf -infiles new-req.pem
  3. Combine the certificate and key into one file:
    [server] root# cat out.pem key.pem > cert.pem
  4. Remove temporary files:
    [server] root# rm req.pem new-req.pem out.pem
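
After step 4, cert.pem holds the CA-signed certificate followed by an unencrypted private key. The shell function below is an added example, not part of the original cookbook or of radmind; it checks that file against ca.pem before it is deployed. The name check_radmind_cert and the 30-day expiry window are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the radmind cookbook. Checks the combined
# certificate + key file built in step 3 ("cat out.pem key.pem > cert.pem").
# check_radmind_cert and the 30-day window are assumptions of this example.
# Usage: check_radmind_cert CA_CERT COMBINED_PEM
# Returns 0 when every check passes, 1 otherwise (one FAIL line per problem).
check_radmind_cert() {
    ca=$1
    bundle=$2
    rc=0

    # 1. The certificate must verify against the CA certificate (ca.pem).
    if ! openssl verify -CAfile "$ca" "$bundle" >/dev/null 2>&1; then
        echo "FAIL: certificate does not verify against $ca"
        rc=1
    fi

    # 2. The private key in the file must belong to the certificate:
    #    derive the public key from each and compare them.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match the certificate"
        rc=1
    fi

    # 3. The certificate must stay valid for at least 30 more days.
    if ! openssl x509 -in "$bundle" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: certificate is unreadable, expired, or expires within 30 days"
        rc=1
    fi

    # 4. The key was created with -nodes (unencrypted), so the file must
    #    grant no permissions to group or other.
    mode=$(ls -l "$bundle" 2>/dev/null | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $bundle is accessible to group/other; chmod 600 it"
        rc=1
    fi

    return "$rc"
}
```

Source the function and run check_radmind_cert /var/radmind/CA/ca.pem /var/radmind/CA/cert.pem once step 4 is done.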