OpenSSL Certificate Authority

This guide demonstrates how to act as your own certificate authority (CA) using the OpenSSL command-line tools. This is useful in a number of situations, such as issuing server certificates to secure an intranet website, or for issuing certificates to clients to allow them to authenticate to a server.

• Introduction
• Create the root pair
  • Prepare the directory
  • Prepare the configuration file
  • Create the root key
  • Create the root certificate
  • Verify the root certificate
• Create the intermediate pair
  • Prepare the directory
  • Create the intermediate key
  • Create the intermediate certificate
  • Verify the intermediate certificate
  • Create the certificate chain file
• Sign server and client certificates
  • Create a key
  • Create a certificate
  • Verify the certificate
  • Deploy the certificate
• Certificate revocation lists
  • Prepare the configuration file
  • Create the CRL
  • Revoke a certificate
  • Server-side use of the CRL
  • Client-side use of the CRL
• Online Certificate Status Protocol
  • Prepare the configuration file
  • Create the OCSP pair
  • Revoke a certificate
• Appendix
  • Root CA configuration file
  • Intermediate CA configuration file

Version 1.0.4 — Last updated on 2015-12-09.

© Copyright 2013-2015, Jamie Nguyen. Created with Sphinx using a custom-built theme.