Execute this command. You will be asked for a new password, which you will have to enter twice. Remember this password! It is required to sign your certificates.
openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
    -out cacert.pem -days 3650 -config ./openssl.cnf
This creates two files:
- A private key in "private/cakey.pem"
- A root CA certificate in "cacert.pem"
cacert.pem is the file that is distributed to clients so that they can import the root CA certificate manually. Further below there is a method for offering the CA certificate for download as a file with the ".crt" file extension.
View the private key:
cat /home/username/CA/private/cakey.pem
The private key (cakey.pem) looks like this:
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3A1E24518648628
-----END RSA PRIVATE KEY-----
Of course, we do not want to show cakey.pem to anyone. This CA key is not to be used any more. The CA's certificate:
cat /home/username/CA/cacert.pem
To view individual sections of the certificate, use the following commands:
openssl x509 -in cacert.pem -noout -text
or
openssl x509 -in cacert.pem -noout -dates
or
openssl x509 -in cacert.pem -noout -purpose
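Since cakey.pem must stay password-protected and hidden from everyone else, the following added example (not part of the original guide) audits the key file without decrypting it. The function names are hypothetical; the check accepts both the "Proc-Type: 4,ENCRYPTED" header shown above and the "BEGIN ENCRYPTED PRIVATE KEY" container that current OpenSSL releases write.

```shell
#!/bin/sh
# Added example: audit a CA private key file such as private/cakey.pem.
# Only the file mode and the PEM headers are read; the key is never decrypted.

# key_is_encrypted FILE -> 0 if the PEM key is passphrase-protected
key_is_encrypted() {
    # PKCS#8 container written by current OpenSSL releases
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        return 0
    fi
    # Traditional format: a Proc-Type header marks the body as encrypted
    if grep -q '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" &&
       grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        return 0
    fi
    return 1
}

# key_is_private FILE -> 0 if group and others have no permission bits
key_is_private() {
    # ls -ld prints e.g. "-rw-------"; columns 5-10 are the group/other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_ca_key FILE -> prints findings, returns the number of problems
audit_ca_key() {
    problems=0
    if [ ! -f "$1" ]; then
        echo "MISSING: $1"
        return 1
    fi
    if ! key_is_encrypted "$1"; then
        echo "UNENCRYPTED: $1 has no passphrase protection"
        problems=$((problems + 1))
    fi
    if ! key_is_private "$1"; then
        echo "PERMISSIONS: $1 is accessible to group/others (use chmod 600)"
        problems=$((problems + 1))
    fi
    if [ "$problems" -eq 0 ]; then
        echo "OK: $1"
    fi
    return "$problems"
}

# Usage: sh audit_ca_key.sh /home/username/CA/private/cakey.pem
if [ "$#" -gt 0 ]; then
    audit_ca_key "$1"
fi
```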