Prerequisites
If you’re on a Mac, please ensure you have Xcode installed.
If you’re on a Linux machine, please ensure you have the necessary openssl dependencies installed.
Creating the Directories
Create a folder for your CA.
Inside this folder, run the following at the command line:
mkdir newcerts private
echo '12345601' >serial
touch index.txt
OpenSSL CA Configuration File
Copy the openssl.cnf file provided along with this document to the folder for the CA.
Generate the Root CA
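Execute this command at the CLI in the folder where you have created the files and placed the openssl.cnf file. The value given after -passout pass: is the passphrase that encrypts private/cakey.pem, and the signing command further down must pass the same value to -passin.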
openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -subj "/C=US/ST=California/L=San Jose/OU=vIPtela Test/O=vIPtela Inc/emailAddress=aliis@cisco.com" -passout pass:PASSWORD
Signing Certificates
Copy the CSR for the new appliance into the directory where you generated the cacert.pem file. Use this command to sign new certificates.
openssl ca -out signed-cert.pem -config ./openssl.cnf -passin pass:PASSWORD -infiles signing-request.csr
Verifying Certificates
In the folder that holds the signed certificate for the appliance's CSR, run the following command to validate that the certificate has been signed by your CA.
openssl verify -CAfile ./cacert.pem -verbose signed-cert.pem
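The whole procedure above, run end to end in a throwaway directory, with two checks beyond openssl verify: the certificate carries the first value from the serial file and the same public key as the CSR. This is an added example, not part of the original post. The openssl.cnf it writes is a constructed minimal stand-in for the file the post ships, the subject names and the appliance CSR are made up, and -batch is added to the signing command so it runs unattended.

```shell
# Added example; this openssl.cnf is a constructed stand-in for the page's file.
set -eu
make_ca() (  # $1: empty directory that becomes the CA folder
  cd "$1"
  mkdir newcerts private
  echo '12345601' >serial
  touch index.txt
  cat >openssl.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = CA_default
[ CA_default ]
new_certs_dir = ./newcerts
database = ./index.txt
serial = ./serial
certificate = ./cacert.pem
private_key = ./private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
    -out cacert.pem -days 365 -config ./openssl.cnf \
    -subj "/CN=Example Test Root CA" -passout pass:PASSWORD
  # Stand-in for the appliance's CSR (the page gets this from the appliance).
  openssl req -new -newkey rsa:2048 -nodes -keyout appliance.key \
    -out signing-request.csr -config ./openssl.cnf -subj "/CN=appliance.test"
  # -batch (not in the page's command) skips the interactive confirmation.
  openssl ca -batch -out signed-cert.pem -config ./openssl.cnf \
    -passin pass:PASSWORD -infiles signing-request.csr
) >/dev/null 2>&1

check_cert() (  # $1: CA folder; true only if chain, serial and key all match
  cd "$1" &&
  openssl verify -CAfile ./cacert.pem signed-cert.pem >/dev/null &&
  [ "$(openssl x509 -in signed-cert.pem -noout -serial)" = "serial=12345601" ] &&
  [ "$(openssl req -in signing-request.csr -noout -pubkey)" = \
    "$(openssl x509 -in signed-cert.pem -noout -pubkey)" ]
)
CA_DIR=$(mktemp -d)
make_ca "$CA_DIR"
check_cert "$CA_DIR" && echo "signed-cert.pem: chain, serial and public key OK"
```

After the run, the serial file holds the next value to be issued and newcerts contains a copy of the certificate named after the serial it was given.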