How to Create Certification Authority

SSL uses Certification Authorities (CA) to ensure the integrity of public key encryption. The certification authority verifies the public key of the individual and signs it with a digital signature. Two well-known CAs are Verisign and Thawte. It is possible to run your own CA if you use OpenSSL. The certificates created are solely for personal use and will not be trusted by outside individuals. However, they are useful for sending secure data within a intranet or to a personal server.

Print this article

OpenSSL

Instructions

- 1
  
  Open a terminal window to access a command prompt where you will type the following commands.
- 2
  
  Type the command "su" to switch to the root user.
- 3
  
  Type the command "mkdir -m 0755 /etc/pki_personal" to create the directory for the certification files.
- 4
  
  Create the certification authority directory tree with the following command:
  mkdir -m -0755 /etc/pki_personal/my_CA /etc/pki_personal/my_CA/private /etc/ppki_personal /my_CA/certs /etc/pki_personal/my_CA/newcerts /etc/pki_personal/my_CA/crl
- 5
  
  Type the command "cp /etc/pki/tls/openssl.cnf /etc/pki_personal/my_CA/my.cnf" to copy the openssl configuration file to the new directory.
- 6
  
  Type the command "chmod 0600 /etc/pki_personal/my_CA/my.cnf" to change the permissions on the my.cnf file.
- 7
  
  Type the command "touch /etc/pki_personal/my_CA/index.txt" to create the database file for openssl.
- 8
  
  Type the command "echo '01' > /etc/pki_personal/my_CA/serial" to set the certificate's serial number to 01.
- 9
  
  Navigate into the etc/pki_personal/my_CA/ directory and type the following command to create the certification authority certificate and key:
  openssl req -config my.cnf -new -x509 -extensions v3_ca -keyout private/my_ca.key -out certs/my_ca.crt -days 1700
  Type a strong passphrase when prompted.
- 10
  
  Open the my.cnf file in a text editor and change the values to reflect your custom directory and certification authority certificate and key.
- 11
  
  Navigate into the /etc/pki_personal/my_CA directory and create the certification request with the following command:
  openssl req -config my.cnf -new -nodes -keyout private/server.key -out server.csr -days 182
  Type in the certificate information when prompted.
- 12
  
  Set the permission on the private key with the following commands:
  chown root.root /etc/pki_personal/my_CA/private/server.key
  chmod 0400 /etc/pki_personal/my_CA/private/server.key
- 13
  
  Type the following command to sign the certificate request:
  openssl ca -config my.cnf -policy policy_anything -out certs/server.crt -infiles server.csr
  Provide the private key to sign the request.
- 14
  
  Type the command "rm -f /etc/pki_personal/my_CA/server.csr" to delete the certificate request.
- 15
  
  Type the following commands to verify the certificate:
  openssl x509 -in certs/server.crt -noout -text
  openssl verify -purpose sslserver -CAfile /etc/pki_personal/my_CA/certs/my_CA.crt /etc/pki_personal/my_CA/certs/server.crt

OpenSSL

Comments

How to Create a Certificate for Your Website Certificate Authority
Security certificates provide encryption to all communications transmitted via your server. A certificate protects your data from potential intruders or spammers. As...
How to Create a Client Certificate
Controlling access to your secure websites is important. This can be accomplished by requiring a client certificate to be installed by users....
How to Create Your Own Certificate Authority
Certificate authority is a great way to secure your Microsoft Exchange server. By creating a certificate, you can protect all the information...
How to Make a Certificate Using Microsoft Word
Microsoft Word is useful for many tasks, including creating award certificates for individuals, groups, and classes. A certificate acknowledging that a person...
What Is a Certificate of Authority?
If you've ever used a secure website, or if you've ever gotten a message about an "expired certificate" from your browser, then...
How to Create a Local Certificate Authority
Securing an internal server is a necessary piece of the corporate security puzzle, and one of the ways to do that is...
How to Create a DSA Certificate
A DSA certificate allows computer developers to produce trusted websites that are capable of secure eCommerce and other online transactions. The OpenSSL...
How to Create a Training Manual in Word
Taking time to write out an employee training manual may seem like a laborious task. Using Microsoft Word 2007's features makes part...
How to Create a Certificate
You can create a certificate for any type of award. It can be given for excellence, outstanding participation or achievement, and more....
How to Reinstall a Certification Authority
The root Certification Authority or CA sets up your public key infrastructure and governs certificate issuance. The root CA also issues digital...
How to Generate a SSL Certificate
Internet security is a much-discussed topic, with Internet fraud activity, identity theft, and phishing schemes abounding. Secure Socket Layer, or SSL, encrypts...
How to Create Client Side Certificates
Client-side certificates are advantageous for security across a network. Client-side certificates are created on a Web server and requested by the client...
How to Install a SonicWALL Certificate
SonicWALL supports Verisign, Thawte, Entrust, Microsoft CA Server, RSA Keon and iPlanet security certificates. After generating and creating a new certificate with...
How to Create a Test Certificate
Test certificates are used in programming to test secure applications without spending hundreds of dollars on a valid, secure SSL. SSL is...
How to Import a Certificate Authority
Security certificates protect your computer from potential intruders while you browse the Web. Websites that ask for your personal information use certificate...
How to Host Your Own Certificate Authority on the Internet
If you use your website for secure transactions, such as selling items online, you'll need to run the Secure Sockets Layer (SSL)...
How to Add Attributes to a Microsoft Certificate Request
When you are charge of a domain for your company or business, you can create a certificate request to be sent to...
How to Make a Computer Trust a Certificate Authority
Browsing the Internet safely on a work or school computer with Internet Explorer requires you to exercise prudence about the websites you...
How to Create a Self-Signed Certificate in OpenSSL
A self-signed certificate is created, signed and validated using a public key infrastructure library by the end-user. Self-signed certificates are not normally...

How to Create Certification Authority

Other People Are Reading

Things You'll Need

Instructions

References

Resources

More Like This

Comments

You May Also Like

Related Ads

Kid-Approved iPad Apps by Mom.me

You May Like