A/I Orange Book (1.0): An how-to for the realization of a resilient network of self-managed servers

Chapter 7. Certification Authority

The first step in creating a CA is to create a root certificate, the one with which we will sign all the other certificates:

$ openssl req -new -x509 -keyout $CADIR/private/cakey.pem \
    -out $CADIR/cacert.pem -days 3643

After this, we can check that our certificate exists, along with its own private key:

$ openssl x509 -text -noout -in $CADIR/cacert.pem
$ openssl rsa -noout -text -in $CADIR/private/cakey.pem

We can then update the serial file:

$ openssl x509 -in $CADIR/cacert.pem -noout -next_serial \
    -out $CADIR/serial
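
The checks above can be scripted. The following is an added example, not part of the Orange Book: it confirms that cacert.pem and cakey.pem belong together, that the certificate is self-signed, that the key is private to its owner, and that the serial file does not repeat the root's own serial. The function names `check_ca_root` and `make_demo_ca` are hypothetical, and the demo CA (unencrypted key, subject "/CN=Demo Root CA") is constructed only to exercise the checks.

```shell
# check_ca_root DIR: verify the files produced by the steps above.
# Prints each failed check and returns the number of failures (0 = all good).
check_ca_root() {
    dir=$1; cert=$dir/cacert.pem; key=$dir/private/cakey.pem; fail=0
    [ -s "$cert" ] && [ -s "$key" ] || { echo "missing cacert.pem or cakey.pem"; return 1; }

    # 1. cacert.pem must carry the public half of cakey.pem
    #    (openssl asks for the passphrase if the key is encrypted).
    certpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    keypub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$certpub" ] && [ "$certpub" = "$keypub" ] ||
        { echo "certificate and key do not match"; fail=$((fail + 1)); }

    # 2. A root certificate is self-signed: subject and issuer are the same name.
    subj=$(openssl x509 -in "$cert" -noout -subject); subj=${subj#subject=}
    issr=$(openssl x509 -in "$cert" -noout -issuer);  issr=${issr#issuer=}
    [ "$subj" = "$issr" ] || { echo "certificate is not self-signed"; fail=$((fail + 1)); }

    # 3. The CA key must not be accessible to group or others.
    case $(ls -ld "$key") in
        -???------*) ;;
        *) echo "cakey.pem is accessible to group/other"; fail=$((fail + 1)) ;;
    esac

    # 4. The serial file must hold a hex number different from the root's serial,
    #    so the first issued certificate cannot collide with the root itself.
    next=$(cat "$dir/serial" 2>/dev/null)
    rootser=$(openssl x509 -in "$cert" -noout -serial); rootser=${rootser#serial=}
    case $next in
        ''|*[!0-9A-Fa-f]*) echo "serial file missing or not hex"; fail=$((fail + 1)) ;;
        "$rootser") echo "serial file repeats the root's serial"; fail=$((fail + 1)) ;;
    esac
    return $fail
}

# Constructed throwaway CA for trying the checks (assumption: unencrypted
# key via -nodes and a fixed subject; do not use this for a real CA).
make_demo_ca() {
    mkdir -p "$1/private" && chmod 700 "$1/private" &&
    ( umask 077 && openssl req -new -x509 -nodes -newkey rsa:2048 \
        -subj "/CN=Demo Root CA" -keyout "$1/private/cakey.pem" \
        -out "$1/cacert.pem" -days 30 2>/dev/null ) &&
    openssl x509 -in "$1/cacert.pem" -noout -next_serial -out "$1/serial"
}

demo=$(mktemp -d) && make_demo_ca "$demo" && check_ca_root "$demo" && echo "demo CA passes all checks"
rm -rf "$demo"
```

For the real CA, run `check_ca_root "$CADIR"` after the last step; the exit status is the number of failed checks.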