How to create a certificate authority

Generate your root key:

$ openssl genpkey -out ca.key.pem -algorithm RSA
...............................+++
..................................................................................................................+++

Generate your self-signed root certificate. Confusingly, this is done with openssl req, which is ordinarily used to create CSRs.

Your client then generates their private key:

$ openssl genpkey -out private_key.pem -algorithm RSA
........................................+++
.................................................................+++

Client generates their public key:

$ openssl pkey -in private_key.pem -out public_key.pem -pubout

Client generates CSR for public key:

$ openssl req -new -out CSR.csr -key private_key.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:GB
State or Province Name (full name) []:London
Locality Name (eg, city) []:London
Organization Name (eg, company) []:Acme Donuts Ltd.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, fully qualified host name) []:donuts.co.uk
Email Address []:dan@donuts.co.uk

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

Client sends you this public key.

What can computers do? What are the limits of mathematics? And just how busy can a busy beaver be? This year, I’m writing Busy Beavers, a unique interactive book on computability theory. You and I will take a practical and modern approach to answering these questions — or at least learning why some questions are unanswerable!

It’s only $19, and you can get 50% off if you find the discount code ... Not quite. Hackers use the console!

After months of secret toil, I and Andrew Carr released Everyday Data Science, a unique interactive online course! You’ll make the perfect glass of lemonade using Thompson sampling. You’ll lose weight with differential equations. And you might just qualify for the Olympics with a bit of statistics!

It’s $29, but you can get 50% off if you find the discount code ... Not quite. Hackers use the console!

More by Jim

Tagged . All content copyright James Fisher 2017. This post is not associated with my employer. Found an error? Edit this page.