A/I Orange Book (1.0): An how-to for the realization of a resilient network of self-managed servers

Chapter 7. Certification Authority

The first step in creating a CA is to create a root certificate, the one with which we will sign all the other certificates:
$ openssl req -new -x509 -keyout $CADIR/private/cakey.pem \
-out $CADIR/cacert.pem -days 3643
After this, we can check that our certificate exists, along with its own
private key:
$ openssl x509 -text -noout -in $CADIR/cacert.pem
$ openssl rsa -noout -text -in $CADIR/private/cakey.pem
We can then update the serial file:
$ openssl x509 -in $CADIR/cacert.pem -noout -next_serial \
-out $CADIR/serial
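
The three steps above, run non-interactively in a scratch directory and followed by a consistency check, as an added example that is not part of the Orange Book. The function names `make_demo_ca` and `check_ca`, the `CA_PASS` environment variable and the subject name are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: build a throwaway CA with the commands above and check it.
# CA_PASS (assumed variable) supplies the key passphrase non-interactively.

# Subject name is a constructed demo value; -subj/-passout replace the prompts.
make_demo_ca() {
    CADIR=$1
    mkdir -p "$CADIR/private" && chmod 700 "$CADIR/private" || return 1
    openssl req -new -x509 -keyout "$CADIR/private/cakey.pem" \
        -out "$CADIR/cacert.pem" -days 3643 \
        -subj "/O=Example/CN=Constructed Demo CA" \
        -passout env:CA_PASS 2>/dev/null || return 1
    openssl x509 -in "$CADIR/cacert.pem" -noout -next_serial \
        -out "$CADIR/serial"
}

# Return 0 only if certificate, private key and serial file agree.
check_ca() {
    cert=$1/cacert.pem
    key=$1/private/cakey.pem
    # 1. A root certificate names itself as its issuer.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ] || { echo "subject and issuer differ"; return 1; }
    # 2. The private key must belong to the public key in the certificate.
    cpub=$(openssl x509 -in "$cert" -noout -pubkey)
    kpub=$(openssl pkey -in "$key" -pubout -passin env:CA_PASS 2>/dev/null)
    [ -n "$kpub" ] && [ "$cpub" = "$kpub" ] || { echo "key does not match certificate"; return 1; }
    # 3. The serial file must hold what -next_serial reports for this certificate.
    next=$(openssl x509 -in "$cert" -noout -next_serial)
    [ "$(cat "$1/serial")" = "$next" ] || { echo "serial file is stale"; return 1; }
    echo "CA directory OK"
}

# Demo in a scratch directory; nothing is written outside it.
CA_PASS="constructed-demo-passphrase"; export CA_PASS
demo=$(mktemp -d) && make_demo_ca "$demo/ca" && check_ca "$demo/ca"
rm -rf "$demo"
```

Against a real `$CADIR`, only `check_ca "$CADIR"` is needed, with `CA_PASS` exported just for the duration of the check.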