This can be done with OpenSSL, by doing: openssl req -new -config ~erl/lewin.nu-CA/openssl.cnf -out cert.csr
You will be asked for the information in the certificate.
This will result in two files, cert.csr which you send to the certificate authority, and one, privkey.pem, which contains your secret private key, which should not be sent or shown to anyone.
The private key will be encrypted with a pass-phrase, unless you specify the -nodes option to openssl.
Send the cert.csr to the CA.
openssl ca sign -config openssl.cnf -in cert.csr -out cert.pem
Then send cert.pem to the new owner of the certificate.
Sendmail has certificates in /etc/mail/certs.
Create a directory to house the new certificate authority
It must have subdirectories certs, crl, newcerts, private. Also create a text file called "serial" containing "01", and an empty file called index.txt.
Edit /etc/openssl.cnf with settings for the new CA.
Execute the following command in the CA's directory. You will be asked for info in the CA's certificate, and a passcode to protect the certificate authority's key.
openssl req -new -x509 -keyout private/cakey.pem -out certs/cacert.pem
Copy the certs/cacert.pem file to /etc/httpd/conf/ssl.crt/<domain>.ssl.crt
Configure the virtual server in httpd.conf with the SSLCertificateFile directive to point at this file
Use the following command (for a certificate valid for one year).
ca-name is the name of the Certificate Authority used in /etc/openssl.cnf
Don't do this in the CA directory
openssl req -nodes -new -keyout newkey.pem -out newreq.pem -days 360
The certificate requset will be stored in the newreq.pem file. The private key will be in newkey.pem. Make sure to keep the private key secret /chmod newkey.pem go-rw.
Use the following command. You can use the -policy policy_anthing if you want to sign the certificate despite missing fields
openssl ca -name phogle.com -out newcert.pem -infiles newreq.pem
As root, copy the key to the web server key directory (cp newkey.pem /etc/httpd/conf/ssl.key/<domain;gt;.key)
Back to System Information