Monthly Archives: June 2013
Posted by funkym0nk3y
Today certificates are widely used to verify, authenticate a client/user or server, to encrypt or sign emails or to sign other types of objects (e.g. source code). You are using a certificate at the moment, due to the secure http (https) connection.
In this post I will show you how to create your own Root Certificate Authority (CA).
1. Create a self signed root certificate
2. Create a sub ca certificate
3. Create a server certificate
4. Create a user certificate
5. Generate a certificate revocation list
6. Revoke a certificate
7. Export a certificate to PKCS#12 format
8. Bash script to manage your own CA
I recommend to configure your openssl.cnf (located at /etc/ssl/openssl.cnf). This is the most annoying part, but it simplifies the next steps. You can find an example of an openssl.cnf I’ll use at the end of this post. Be careful at the policy_match section, this can be a problem while signing a certificate signing request.
Read the rest of this entry →
Tags: bash script, certificate, certificate authority, certificate revocation list, email, email certificate, linux command line, openssl, pki, private rsa key, random noise, revocation list, revoke, root ca, root certificate authority, sign, sub ca, vpn, vpn certificate