dfri/ sysadm/ ca

DFRI Certificate Authority

To create a new certificate

export CERT="<your CNAME here>"
export EXPIRE="-days 365"
openssl req -config openssl.cnf -newkey rsa:3072 -nodes -keyout $CERT.key -out $CERT.req
openssl ca -config openssl.cnf $EXPIRE -in $CERT.req -out $CERT.crt

How the CA was created

mkdir -p certificates/demoCA/private
chmod -R 700 certificates
cp openssl.cnf certificates/
cd certificates
touch demoCA/index.txt
openssl req -config openssl.cnf -newkey rsa:4096 -out ca-req
mv privkey.pem demoCA/private/cakey.pem
openssl req -config openssl.cnf -verify < ca-req
mkdir demoCA/newcerts
echo 01 > demoCA/serial
openssl ca -config openssl.cnf -selfsign -in ca-req -extensions v3_ca
cp demoCA/newcerts/01.pem demoCA/cacert.pem