I am trying to set up a basic CA to use in some of our test projects on Redhat 9.0. I am new to this and have never done this before, but based on some links and howtos which provided the steps, I did a few things.
Firstly on the client I generated a request as such,
openssl req -newkey rsa:1024 -keyout client001privkey.pem -keyform PEM -out client001req.pem -outform PEM -nodes
and sent it to the server
On the server side, I did the following,
Firstly, I created a root certificate as such.
openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 10000
then, I signed the certificate as such,
openssl ca -in client001req.pem -notext -out client001cert.cert
All that worked great (and the links I followed did not go beyond this!!), but now I am not sure about the following in Redhat 9.0
- how do I add the server key to the trusted root CA
- how do I add the signed certificate on the client
Also, could you provide any tips, personal preferences on where to maintain the private and public keys on the client and on the server. A whereis on openssl on all my RH9 machines normally returns,
openssl: /usr/bin/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz
There are also the following files/directories,
CA cert.pem certs lib misc openssl.cnf private
in /usr/share/ssl/
Please advise.
Thanks.
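A check that the files produced by the steps in the post fit together, as an added example that is not part of the original post: it recreates the request, root CA and signing flow in a scratch directory, then confirms that client001cert.cert chains to cacert.pem and belongs to client001privkey.pem. The 2048-bit keys, the subject names, cakey.pem, the inline test.cnf and the use of `openssl x509 -req` in place of `openssl ca` are assumptions made so the script runs non-interactively.

```shell
#!/bin/sh
# Added example: recreate the post's CSR -> root CA -> signed cert flow in a
# scratch directory. Key size, subjects, cakey.pem and test.cnf are assumptions.

make_test_pki() {   # $1 = empty working directory
    d=$1
    # Minimal config so the run does not depend on the system openssl.cnf.
    cat > "$d/test.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    # Client side: private key plus certificate request (as in the post).
    openssl req -config "$d/test.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/client001privkey.pem" -out "$d/client001req.pem" \
        -subj "/CN=client001.example.test" 2>/dev/null || return 1
    # Server side: self-signed root. -nodes only because this CA is throwaway.
    openssl req -config "$d/test.cnf" -x509 -newkey rsa:2048 -nodes \
        -extensions v3_ca -keyout "$d/cakey.pem" -out "$d/cacert.pem" \
        -days 10000 -subj "/CN=Test Root CA" 2>/dev/null || return 1
    # Sign the request. x509 -req stands in for "openssl ca", which needs the
    # CA directory layout from openssl.cnf.
    openssl x509 -req -in "$d/client001req.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 30 \
        -out "$d/client001cert.cert" 2>/dev/null || return 1
}

# True when the certificate ($2) verifies against the CA certificate ($1).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True when the RSA private key ($1) belongs to the certificate ($2).
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

work=$(mktemp -d)
make_test_pki "$work" \
    && cert_chains_to_ca "$work/cacert.pem" "$work/client001cert.cert" \
    && key_matches_cert "$work/client001privkey.pem" "$work/client001cert.cert" \
    && echo "client001cert.cert chains to cacert.pem and matches its key"
rm -rf "$work"
```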