Create a directory for your CA and configure it in your openssl.cnf (Parameter “dir”).
In this Case “/etc/pki/CA“ will be used.
mkdir -p /etc/pki/CA/private
cd /etc/pki/CA/
openssl genrsa -des3 -out private/cakey.pem 2048
openssl req -new -key private/cakey.pem \
-out careq.pem
Fill out the fields for the DN (Distinguished Name) like the country name, the name of your organization and the common name of your certificate authority.
openssl x509 -days 1095 -signkey private/cakey.pem \
-CAserial serial \
-set_serial 00 \
-in careq.pem -req \
-out cacert.pem
openssl x509 -in cacert.pem \
-out cacert.cer \
-outform DER
echo -n '00' > serial
The index.txt is a tab separated file with the following columns:
You can parse the values from the certificate:
openssl x509 -in cacert.pem -serial -enddate -subject
echo -e "V\t120522135101Z\t\t00\tcacert.pem\t/C=AT/ST=Upper Austria/L=Linz/O=MyCompany/CN=MY Companys CA" > index.txt