How to create a certificate authority
Generate your root key:
$ openssl genpkey -out ca.key.pem -algorithm RSA
...............................+++
..................................................................................................................+++
Generate your self-signed root certificate.
Confusingly, this is done with openssl req,
which is ordinarily used to create CSRs.
Your client then generates their private key:
$ openssl genpkey -out private_key.pem -algorithm RSA
........................................+++
.................................................................+++
Client generates their public key:
$ openssl pkey -in private_key.pem -out public_key.pem -pubout
Client generates CSR for public key:
$ openssl req -new -out CSR.csr -key private_key.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:GB
State or Province Name (full name) []:London
Locality Name (eg, city) []:London
Organization Name (eg, company) []:Acme Donuts Ltd.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, fully qualified host name) []:donuts.co.uk
Email Address []:dan@donuts.co.uk
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
Client sends you this public key.
WFH on lockdown, like me?
Let’s help each other out!
I just released Vidrio,
a free app for macOS and Windows to make your screen-sharing awesomely holographic.
“Oh damn that's genius”, said some YouTuber when he saw it.
But don't believe him, or the #1 on Product Hunt.
Instead, believe this demo:
With Vidrio
With generic competitor
More by Jim
- A probabilistic pub quiz for nerds
- Time is running out to catch COVID-19
- The inception bar: a new phishing method
- The hacker hype cycle
- Project C-43: the lost origins of asymmetric crypto
- How Hacker News stays interesting
- My parents are Flat-Earthers
- The dots do matter: how to scam a Gmail user
- The sorry state of OpenSSL usability
- I hate telephones
- The Three Ts of Time, Thought and Typing: measuring cost on the web
- Granddad died today
- Your syntax highlighter is wrong
Tagged . All content copyright James Fisher 2017. This post is not associated with my employer. Found an error? Edit this page.