OpenSSL Certificate Authority
  • Introduction
  • Create the root pair
    • Prepare the directory
    • Prepare the configuration file
    • Create the root key
    • Create the root certificate
    • Verify the root certificate
  • Create the intermediate pair
    • Prepare the directory
    • Create the intermediate key
    • Create the intermediate certificate
    • Verify the intermediate certificate
    • Create the certificate chain file
  • Sign server and client certificates
    • Create a key
    • Create a certificate
    • Verify the certificate
    • Deploy the certificate
  • Certificate revocation lists
    • Prepare the configuration file
    • Create the CRL
    • Revoke a certificate
    • Server-side use of the CRL
    • Client-side use of the CRL
  • Online Certificate Status Protocol
    • Prepare the configuration file
    • Create the OCSP pair
    • Revoke a certificate
  • Appendix
    • Root CA configuration file
    • Intermediate CA configuration file

OpenSSL Certificate AuthorityΒΆ

This guide demonstrates how to act as your own certificate authority (CA) using the OpenSSL command-line tools. This is useful in a number of situations, such as issuing server certificates to secure an intranet website, or for issuing certificates to clients to allow them to authenticate to a server.

  • Introduction
  • Create the root pair
    • Prepare the directory
    • Prepare the configuration file
    • Create the root key
    • Create the root certificate
    • Verify the root certificate
  • Create the intermediate pair
    • Prepare the directory
    • Create the intermediate key
    • Create the intermediate certificate
    • Verify the intermediate certificate
    • Create the certificate chain file
  • Sign server and client certificates
    • Create a key
    • Create a certificate
    • Verify the certificate
    • Deploy the certificate
  • Certificate revocation lists
    • Prepare the configuration file
    • Create the CRL
    • Revoke a certificate
    • Server-side use of the CRL
    • Client-side use of the CRL
  • Online Certificate Status Protocol
    • Prepare the configuration file
    • Create the OCSP pair
    • Revoke a certificate
  • Appendix
    • Root CA configuration file
    • Intermediate CA configuration file

Version 1.0.4 — Last updated on 2015-12-09.

© Copyright 2013-2015, Jamie Nguyen. Created with Sphinx using a custom-built theme.