User Tools

Site Tools



Create a CA

How to create a certificate authority using openssl on REL 5.

/etc/pki/tls/misc/CA -newca

FIXME provide some info…

Generate a key/value pair with genkey (and optional CSR)

Generate a private / public key pair and optionally a Certificate Signing Request (CSR).

  • make sure crypto-utils are installed on the server
  • change to the directory /etc/pki/tls/certs
  • execute genkey for the desired domainname
  • Follow the procedure and choose to create a CSR if required (or create a self signed certificate)
  • The private key will be generated under /etc/pki/tls/private
  • The public key (and CSR) will be generated under /etc/pki/tls/certs

Manually create a key / certificate pair

Create a private key manually with openssl

openssl genrsa 1024 > /etc/pki/tls/private/

Create a certificate request

openssl req -new -key /etc/pki/tls/private/ -out /etc/pki/tls/certs/

Create a self signed certificate

openssl req -new -x509 -nodes -sha1 -days 730 -key /etc/pki/tls/private/ > /etc/pki/tls/certs/

Remove passphrase from key (less security)

Change to the directory where the private key is stored:

cd /etc/pki/tls/private/

It's a good idea to make a backup copy of the original key:

cp localhost.key

Decrypt the key with openssl:

openssl rsa -in localhost.key -out new.key
Enter pass phrase for localhost.key:
writing RSA key

Replace the original key:

mv new.key localhost.key
overwrite `localhost.key'? y
/srv/ · Last modified: 2010/07/17 23:09 (external edit)