Plone On Ubuntu

Creating Self-signed Server Certificates

Creating your own CA certificate

Run the following to make a CA cert:

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

This makes the CA cert valid for one year.

The genrsa command will require a pass-phrase, which needs to be remembered. Answer the questions for the req command. The common name (CN) must be different from that of any of the servers that are going to be counter-signed with this CA cert.

These files now need to be secured: back them up to somewhere very secure (like a USB stick that is kept secure), and/or protect them by making them readable by root only:

chmod 400 ca.*

This CA cert can be used to counter-sign server certs.
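
The steps above as a non-interactive script with an audit function, added here as an example and not part of the original page: it builds a throwaway CA and checks what the text relies on (encrypted key, cert matching the key, one-year validity, a CA CN distinct from the server's, mode 400). The passphrase, the function names and the use of -subj, -passout and -passin to avoid prompts are assumptions of this example.

```bash
# Added example: the page's CA steps, scripted and then audited.
# CA_PASS and every CN used with these functions are constructed demo values.
CA_PASS='constructed-demo-passphrase'

# make_ca DIR CN [BITS]: the page's genrsa, req and chmod steps without prompts.
make_ca() {
    local dir="$1" cn="$2" bits="${3:-4096}"
    openssl genrsa -des3 -passout "pass:$CA_PASS" -out "$dir/ca.key" "$bits" 2>/dev/null &&
    openssl req -new -x509 -days 365 -key "$dir/ca.key" -passin "pass:$CA_PASS" \
        -subj "/CN=$cn" -out "$dir/ca.crt" &&
    chmod 400 "$dir"/ca.*
}

# ca_cn DIR: print the CA certificate's common name (assumes a CN-only subject).
ca_cn() {
    openssl x509 -in "$1/ca.crt" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' -e 's/^CN=//' -e 's/,.*$//'
}

# audit_ca DIR SERVER_CN: print "ok" and return 0 only if every check passes.
audit_ca() {
    local dir="$1" server_cn="$2" f
    # The key must be pass-phrase protected on disk (PEM header says ENCRYPTED).
    grep -q 'ENCRYPTED' "$dir/ca.key" || { echo "key not encrypted"; return 1; }
    # The certificate must belong to this key: compare the RSA moduli.
    [ "$(openssl x509 -in "$dir/ca.crt" -noout -modulus)" = \
      "$(openssl rsa -in "$dir/ca.key" -passin "pass:$CA_PASS" -noout -modulus)" ] ||
        { echo "cert/key mismatch"; return 1; }
    # Valid for one year: still valid in 364 days, expired in 366.
    openssl x509 -in "$dir/ca.crt" -noout -checkend $((364 * 86400)) >/dev/null ||
        { echo "expires too soon"; return 1; }
    ! openssl x509 -in "$dir/ca.crt" -noout -checkend $((366 * 86400)) >/dev/null ||
        { echo "valid longer than a year"; return 1; }
    # The CA's CN must differ from the CN of a server it will counter-sign.
    [ "$(ca_cn "$dir")" != "$server_cn" ] || { echo "CN clash"; return 1; }
    # chmod 400: owner read-only, nothing for group or other.
    for f in "$dir/ca.key" "$dir/ca.crt"; do
        [ "$(ls -l "$f" | cut -c1-10)" = "-r--------" ] || { echo "$f too open"; return 1; }
    done
    echo "ok"
}
```

With no third argument make_ca generates a 4096-bit key, as on this page; a smaller size only makes a test run faster.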