SSL uses Certification Authorities (CAs) to ensure the integrity of public key encryption. The certification authority verifies the public key of the individual and signs it with a digital signature. Two well-known CAs are Verisign and Thawte. It is possible to run your own CA if you use OpenSSL. The certificates it creates are solely for personal use and will not be trusted by outside individuals. However, they are useful for sending secure data within an intranet or to a personal server.
Instructions /etc/pki_personal/my_CA/serial" to set the certificate's serial number to 01.
9. Navigate into the /etc/pki_personal/my_CA/ directory and type the following command to create the certification authority certificate and key:
openssl req -config my.cnf -new -x509 -extensions v3_ca -keyout private/my_ca.key -out certs/my_ca.crt -days 1700
Type a strong passphrase when prompted.
10. Open the my.cnf file in a text editor and change the values to reflect your custom directory and certification authority certificate and key.
11. Navigate into the /etc/pki_personal/my_CA directory and create the certification request with the following command:
openssl req -config my.cnf -new -nodes -keyout private/server.key -out server.csr -days 182
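Type in the certificate information when prompted. Because of -nodes, server.key is written without a passphrase, which is why the next step restricts access to it. The -days option has no effect on a certificate request; the validity period is set when the CA signs the request in step 13.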
12. Set the permission on the private key with the following commands:
chown root:root /etc/pki_personal/my_CA/private/server.key
chmod 0400 /etc/pki_personal/my_CA/private/server.key
13. Type the following command to sign the certificate request:
openssl ca -config my.cnf -policy policy_anything -out certs/server.crt -infiles server.csr
Enter the passphrase for the CA private key when prompted so that it can sign the request.
14. Type the command "rm -f /etc/pki_personal/my_CA/server.csr" to delete the certificate request.
15. Type the following commands to verify the certificate:
openssl x509 -in certs/server.crt -noout -text
openssl verify -purpose sslserver -CAfile /etc/pki_personal/my_CA/certs/my_ca.crt /etc/pki_personal/my_CA/certs/server.crt
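The checks below extend step 15. They are an added example, not part of the original instructions: they confirm that server.key belongs to server.crt, that the certificate chains to the CA, and that the key is closed to group and other. The function names are hypothetical, the demo PKI is constructed in a throwaway directory, and openssl x509 -req stands in for openssl ca so that no CA database is needed.

```sh
#!/bin/sh
# Added example: checks to run after step 15. File names mirror the page's layout,
# but the demo PKI is built in a throwaway directory, never under /etc/pki_personal.

# key_matches_cert KEY CERT: true if CERT carries the public half of KEY.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# issued_by_ca CA_CERT CERT: true if CERT chains to CA_CERT as a TLS server cert.
# Matches on the ": OK" line because old OpenSSL releases exit 0 even on failure.
issued_by_ca() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_is_private FILE: true if group and other have no access (step 12 sets 0400).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# make_demo_pki DIR: constructed fixture, a CA plus one signed server certificate.
# Assumption: "openssl x509 -req" replaces the page's "openssl ca" for brevity.
make_demo_pki() {
    mkdir -p "$1/private" "$1/certs" || return 1
    cat > "$1/demo.cnf" <<'EOF'
[req]
default_bits = 2048
distinguished_name = dn
prompt = no
[dn]
CN = demo
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -config "$1/demo.cnf" -new -x509 -extensions v3_ca -nodes \
        -subj "/CN=Demo CA" -keyout "$1/private/my_ca.key" \
        -out "$1/certs/my_ca.crt" -days 2 2>/dev/null || return 1
    openssl req -config "$1/demo.cnf" -new -nodes -subj "/CN=server.example" \
        -keyout "$1/private/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    chmod 0400 "$1/private/server.key"
    openssl x509 -req -in "$1/server.csr" -CA "$1/certs/my_ca.crt" \
        -CAkey "$1/private/my_ca.key" -set_serial 1 \
        -out "$1/certs/server.crt" -days 1 2>/dev/null
}
```

Against the real files, call the three check functions with the paths from steps 9 to 13; a key that does not match its certificate is the usual cause of a web server refusing to start after a reissue.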