User Tools
Sidebar
openssl:ca
This is an old revision of the document!
OpenSSL as CA
Use OpenSSL to create a Certificate Authority certificate and use it to generate certificates for devices in the local LAN This is a description using Window - slight modifications needed for Linux (bash)
Create the CA
Create the directories
Start an administrative PowerShell
$CANAME=<domain_name>-RootCA mkdir $CANAME cd $CANAME
Generate the private key
openssl genrsa -aes256 -out "$CANAME.key" 4096
Provide a password for the key to protect it from unauthorized use
Generate the certificate
To avoid changing the CA certificate I'll make it 10 years (3652 days) valid - any other value is possible
openssl req -x509 -new -nodes -key "$CANAME.key" -sha256 -days 3652 -out "$CANAME.crt" -subj '/CN=<MyDomain Root CA>/C=<2_digit_country_code>/ST=<state>/L=<location>/O=<organization>'
Install the root certificate
Linux
Copy the certificate to /usr/local/share/ca-certificates/
Then run as root:
update-ca-certificates
Windows
Open (double click) the certificate and install it into “Trusted Root Certificate Authorities”
openssl/ca.1697192723.txt.gz · Last modified: 2023/10/13 10:25 by olaf