Create a self-signed CA certificate in Linux and sign a CSR (certificate signing request)

  

1. First edit the configuration file (dir specifies the CA directory, /etc/pki/CA)

#vim /etc/pki/tls/openssl.cnf

[ CA_default ]

dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.

# After the modification is completed, you can save and exit

2. Generate the CA's own private key

Switch to the CA directory

#(umask 77; openssl genrsa 2048 > private/cakey.pem)

The generated key is stored in /etc/pki/CA/private/cakey.pem

Generate a self-signed certificate (file name cacert.pem)

# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655

Create the necessary directories and files needed for CA work

mkdir certs newcerts crl

touch index.txt serial

echo 01 > serial # serial needs an initial number; echo sets it to 01

3. Create the CSR (certificate signing request), here for a server that needs to use the http service

Make your own private key

#openssl genrsa 1024 > httpd.key

Create a CSR with your own private key (the CSR contains your own public key and your basic information)

#openssl req -new -key httpd.key -out httpd.csr

4. The CA certifies the public key (the CA authenticates and signs the CSR)

#openssl ca -in httpd.csr -out httpd.crt
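
The four steps above, run unattended in a scratch directory and followed by the checks a CA operator would make afterwards (added example, not part of the original page). The file ca.cnf, the subjects "Demo CA" and "www.example.test", the policy_cn and v3_ca sections and the function names demo_ca and check_ca are assumptions made for this sketch; both keys are 2048-bit because 1024-bit RSA, as used in step 3, is no longer considered adequate for certificates.

```sh
# Added example: the page's steps 1-4, unattended, in a scratch directory.
# ca.cnf, the subjects and the function names are constructed for this sketch.
demo_ca() {   # $1 = empty directory standing in for /etc/pki/CA
  ( cd "$1" || exit 1
    mkdir -p private certs newcerts crl && touch index.txt && echo 01 > serial
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    ( umask 77; openssl genrsa 2048 > private/cakey.pem ) &&
    openssl req -new -x509 -config ca.cnf -key private/cakey.pem \
        -subj "/CN=Demo CA" -days 3655 -out cacert.pem &&
    openssl genrsa 2048 > httpd.key &&
    openssl req -new -config ca.cnf -key httpd.key \
        -subj "/CN=www.example.test" -out httpd.csr &&
    openssl ca -batch -config ca.cnf -in httpd.csr -out httpd.crt
  ) >/dev/null 2>&1
}
check_ca() {  # succeeds only if the CA state is what an operator expects
  ( cd "$1" || exit 1
    [ "$(stat -c %a private/cakey.pem)" = 600 ] &&   # CA key readable by owner only
    openssl verify -CAfile cacert.pem httpd.crt >/dev/null 2>&1 &&  # chains to this CA
    [ "$(cat serial)" = 02 ] &&                      # serial advanced past 01
    [ "$(grep -c '^V' index.txt)" -eq 1 ]            # one valid entry in the database
  )
}
d=$(mktemp -d) && demo_ca "$d" && check_ca "$d" && echo "CA checks passed in $d"
```

The -batch and -subj options replace the interactive prompts of the original commands; everything else follows the steps as written.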
