Once you have installed the OpenSSL package, change directory to /usr/ssl/misc (again, may be different based on your distribution).The OpenSSL distribution provides a perl script that greatly simplifies the creation of a CA, certificate requests and certificate signing. In the misc directory execute the following:
root@zen:/usr/ssl/misc > ./CA.pl -newca
CA certname (or enter to create)
Making CA certificate ...
Using configuration from /usr/ssl/openssl.cnf
Generating a 1024 bit RSA private key...++++++ ....++++++
writing new private key to ./DemoCA/private/cakey.pem
Enter PEM pass phrase:
Verifying password -
Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated into your certificate
request.
What you are about to enter is what is called a Distinguished Name or a DN. There are quite a
few fields but you can leave some blank
For some fields there will be a default value, If you enter the field will be left blank.
-----
Country Name (2 letter code) [UK]:UK
State or Province Name (full name) [Some-State]:Herts
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SuSE Linux UK Ltd
Organizational Unit Name (eg, section) []:SUSEUK
Common Name (eg, YOUR name) []:SuSE Linux UK
Certificate Authority Email Address []:justin@suse.co.uk
This creates the CA certificate and a private key. It is very important to use a good, solid pass phrase for the certificate as anyone who has access to the certificate can fake an authentic certificate from your CA. The default location of the CA files is in the ./DemoCA directory. To change this you will need to edit the CA.pl script to make the CA in a different directory. We will go with the default here as it helps keep things nice and simple.