CA Creation
Set up the directory structure and files required by OpenSSL:
mkdir keys
mkdir requests
mkdir certs
Create the file database.txt, which records an entry for every issued certificate:
copy con database.txt
Create the file serial.txt, which holds the serial number entry for issued certificates:
copy con serial.txt
Write the number 00 to the file serial.txt:
00
First, we create a 2048-bit private key to use when creating our CA:
openssl genrsa -passout pass:changeit -des3 -out keys/ca.key 2048
Next, we create a master certificate based on this key, to use when signing other certificates:
openssl req -config openssl.conf -new -x509 -days 5001 -key keys/ca.key -out keys/ca.cer
* Provide details such as Country Code, Province, City, Organization Unit, Organization and Email (optional).
Trusted Root Store, so they don’t get warning messages
openssl x509 -in keys/ca.cer -outform DER -out keys/ca.der
openssl pkcs12 -export -out keys/ca.p12 -in keys/ca.cer -inkey keys/ca.key
Copy the certreq.txt file into the requests directory and sign the request:
openssl ca -policy policy_anything -config openssl.conf -cert keys/ca.cer -keyfile keys/ca.key -days 1095 -in requests/certreq.txt -out certs/website_certificate.cer
Convert the signed certificate into x509 format for use with IIS:
openssl x509 -in certs/website_certificate.cer -out certs/website_certificate509.cer
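The commands above depend on an openssl.conf that the post does not show. As an added example (not from the original post), this POSIX shell script writes a minimal assumed configuration, runs the same steps in a scratch directory with a constructed request in place of the IIS certreq.txt, and checks the issued certificate; the config contents, subject names, -batch, -aes256 and the env: passphrase source are choices made for the example.

```shell
# Added example; config contents, names and passphrase source are assumptions.
run_ca_demo() (
  work=$(mktemp -d) && cd "$work" && mkdir keys requests certs || exit 1
  trap 'rm -rf "$work"' EXIT
  : > database.txt      # empty index of issued certificates
  echo 00 > serial.txt  # next serial number, as in the post
  cat > openssl.conf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
database      = ./database.txt
serial        = ./serial.txt
new_certs_dir = ./certs
default_md    = sha256
policy        = policy_anything
[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
CN = Constructed Test CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
  export CA_PASS=changeit  # env: keeps the passphrase off the command line
  openssl genrsa -passout env:CA_PASS -aes256 -out keys/ca.key 2048 || exit 1
  openssl req -config openssl.conf -new -x509 -days 5001 -passin env:CA_PASS \
    -key keys/ca.key -out keys/ca.cer || exit 1
  # Constructed request standing in for the certreq.txt generated by IIS.
  openssl req -config openssl.conf -new -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" -keyout keys/site.key -out requests/certreq.txt || exit 1
  openssl ca -batch -policy policy_anything -config openssl.conf -passin env:CA_PASS \
    -cert keys/ca.cer -keyfile keys/ca.key -days 1095 \
    -in requests/certreq.txt -out certs/website_certificate.cer || exit 1
  # Checks: the certificate chains to the CA and carries the request's public key.
  openssl verify -CAfile keys/ca.cer certs/website_certificate.cer || exit 1
  a=$(openssl req -in requests/certreq.txt -noout -pubkey) || exit 1
  b=$(openssl x509 -in certs/website_certificate.cer -noout -pubkey) || exit 1
  [ -n "$a" ] && [ "$a" = "$b" ]
)
run_ca_demo
```

Only keys/ca.cer or keys/ca.der is meant for client trust stores; keys/ca.p12 bundles the CA private key and stays with the CA.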