A service of Daily Data, Inc.
Contact Form

Unix Server Tech Knowledge Base

User Tools

Site Tools

Trace:
software:openssl:createca

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
software:openssl:createca [2025/10/19 03:47] rodolicosoftware:openssl:createca [2025/10/19 03:55] (current) rodolico
Line 64: Line 64:
 ==== Create a configuration file ==== ==== Create a configuration file ====
  
-By creating a configuration file, you can bypass a lot of redundant questions and answers when generationg certificates. I name it openssl.cnf and place it in the directory with my CA files. The following is not correct at this time (stil working on the documentation). +By creating a configuration file, you can bypass a lot of redundant questions and answers when generating certificates. I name it openssl.cnf and place it in the directory with my CA files. The following is not correct at this time (stil working on the documentation).
- +
-<code conf>+
  
 +<code conf openssl.cnf>
 # this section is for requests # this section is for requests
 [ req ] [ req ]
Line 89: Line 88:
 # used when generating certificate of authorities (ca) # used when generating certificate of authorities (ca)
 [ v3_ca ] [ v3_ca ]
- 
 subjectKeyIdentifier=hash subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = critical, CA:true basicConstraints = critical, CA:true
- 
- 
- 
- 
--reqexts v3_ca 
 </code> </code>
  
Line 128: Line 121:
   * //-out// - name of the output file.   * //-out// - name of the output file.
  
 +==== Modify openssl.cnf ====
  
 +<code conf>
 +[ ca ]
 +default_ca = CA_default
  
-Country Name (2 letter code) [AU]:US    +CA_default 
-State or Province Name (full name) [Some-State]:Texas +dir               = ./myCA              # Location of the CA certificate and private key 
-Locality Name (eg, city) []:Dallas +database          = $dir/myCAindex      # Database index file 
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Daily Data +new_certs_dir     = $dir/newcerts       # Directory where new certs are stored 
-Organizational Unit Name (eg, section) []:Home Office +certificate       = $dir/ca.crt         # The CA certificate 
-Common Name (e.g. server FQDN or YOUR name[]:Rod +private_key       = $dir/ca.key         # The CA private key 
-Email Address []:joe@dailydata.net+default_md        = sha256              # Default digest method 
 +preserve          = no                  # Keep existing certificates (yes/no
 +policy            = policy_any          # Default policy for issuing certificates
  
 +[ policy_any ]
 +countryName             = optional
 +stateOrProvinceName     = optional
 +organizationName        = optional
 +organizationalUnitName  = optional
 +commonName              = required
 +emailAddress            = optional
 +</code>
software/openssl/createca.1760863649.txt.gz · Last modified: 2025/10/19 03:47 by rodolico