HOWTO/Draft/OpenSSL


Notes on managing SSL certificates

mkdir -p ~/Documents/Certificates/Domain
cd ~/Documents/Certificates/Domain
echo "01" > serial            # serial number for certificates
touch index.txt               # list of issued certificates
mkdir certs                   # certificates that have been "picked up"
mkdir newcerts                # certificates, not "picked up"
mkdir crl                     # certificates that are revoked
mkdir private                 # private keys etc. that go with certificates
mkdir requests                # filing place for requests

# Generate CA certificate
openssl req -new -x509 -days 1460 -keyout private/cakey.pem -out cacert.pem

Generating a 1024 bit RSA private key
...............++++++
.............++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:<enter your country>
State or Province Name (full name) [Some-State]: <whatever>
Locality Name (eg, city) []:<enter your city>
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<organization name>
Organizational Unit Name (eg, section) []:<whatever>
Common Name (eg, YOUR name) []:<preferrably the domain name>
Email Address []:<whatever>

#