In this exercise we will set up a private SSL certificate authority (CA) for managing digital certificates, which will be imported into client applications. We will use openssl to make these certificates. It is important to follow the steps in order to create the CA properly. We need to install openssl first.
You will need to set up some basic things at this point: the directory where you will put your certs, keys, and everything else you need. Go to the directory that holds the openssl configuration file. Open /etc/pki/tls/openssl.cnf for editing and change the following lines:
certificate = $dir/certificate.crt # The CA certificate
crl = $dir/certificate.crl # The current CRL
private_key = $dir/private/certificate.key # The private key
countryName_default = RS # Default country
stateOrProvinceName_default = Beograd
localityName_default = Beograd
0.organizationName_default = SETENFORCE
OK, now you need to add the folders that are defined in the previous file. Make sure that all subdirectories in CA are owned by root.
You also need to set up the index.txt file and insert 01 (the number for the cert) in the serial file.
OK, now we need to make the private key. You will be prompted for a passphrase; type one and remember it. You will need this passphrase.
Let's make certificate now.
When you are prompted for the hostname of the machine, you have to enter the hostname of the machine you are making the certs for; otherwise it won't work. So, in my case this should be security1.setenforce.com. certificate.crt is the certificate you need to distribute to your clients.
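The steps above (folders, index.txt and serial, passphrase-protected key, self-signed certificate) can be run end to end as in the following added example, which is not the original article's commands. It assumes the stock CA_default folder names (certs, crl, newcerts, private), a scratch directory instead of the real CA directory, a small stand-in config file ca.cnf in place of the edited openssl.cnf, a 2048-bit key, a 365-day lifetime, and a constructed passphrase taken from the CA_PASS environment variable instead of the interactive prompt.

```shell
#!/bin/sh
# Added example (not the article's own commands). Builds the CA in a scratch
# directory; on a real host use the $dir from openssl.cnf, owned by root.
build_ca() (
    set -e
    dir=$1; cn=$2
    umask 077                   # keys and CA state must not be world-readable
    # Stock CA_default folder names (assumed; match them to your openssl.cnf).
    mkdir -p "$dir/certs" "$dir/crl" "$dir/newcerts" "$dir/private"
    : > "$dir/index.txt"        # empty certificate database
    echo 01 > "$dir/serial"     # serial number for the first cert
    # Minimal stand-in for the edited openssl.cnf, using the article's defaults.
    cat > "$dir/ca.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
countryName = RS
stateOrProvinceName = Beograd
localityName = Beograd
organizationName = SETENFORCE
commonName = $cn
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # Passphrase-protected private key. The passphrase is read from the
    # environment so it never appears in the process list.
    openssl genrsa -aes256 -passout env:CA_PASS -out "$dir/private/certificate.key" 2048
    # Self-signed CA certificate: the file that is distributed to clients.
    openssl req -new -x509 -days 365 -config "$dir/ca.cnf" \
        -key "$dir/private/certificate.key" -passin env:CA_PASS \
        -out "$dir/certificate.crt"
)

# Prints the certificate's subject line, to confirm the hostname (CN) it carries.
ca_subject() { openssl x509 -in "$1/certificate.crt" -noout -subject; }

# Constructed demo values: scratch directory and passphrase.
CA_PASS=${CA_PASS:-constructed-demo-passphrase}; export CA_PASS
demo=$(mktemp -d)
build_ca "$demo" security1.setenforce.com
ca_subject "$demo"
```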