initial commit

2025-11-07 03:44:26 +00:00
commit 5d688e1ba7
8 changed files with 434 additions and 0 deletions
--- a/tls_docs/ca/root_ca_config.md
+++ b/tls_docs/ca/root_ca_config.md
@@ -0,0 +1,39 @@
+# Create the Root CA
+
+The Root CA is the *root* of the trust tree. This will be used to create other Intermediate CAs ***ONLY***
+
+### Create directories, serial file, and index file for the Root CA
+
+```
+mkdir -p /path/to/root_ca/{bundles,certs,csr,crl,newcerts,private}
+chmod 700 private
+touch index.txt
+echo 1000 > serial
+```
+
+### Create the configuration for signing
+
+Copy the [root.cnf](./root.cnf) set the location of the root-ca.key and root-ca.crt for the private_key and certificate options and the `dir` option. This will make it where you don't have to specify the certificate and key when signing certificates
+
+### Create Root CA key
+
+```
+cd root_ca
+openssl genrsa -aes256 -out private/root-ca.key 4096
+chmod 400 private/root-ca.key
+```
+
+### Signing Root CA certificate
+
+```
+openssl req -config root.cnf -key private/root-ca.key -new -x509 -days 7300 -extensions v3_ca -out certs/root-ca.crt
+chmod 444 certs/root-ca.crt
+```
+
+### Verify root cert (cert will be encoded so the below command is necessary)
+
+```
+openssl x509 -noout -text -in certs/root-ca.crt
+```
+
+***THE ONLY CERTIFICATES TO BE SIGNED WITH THE ROOT CA ARE CERTIFICATES FOR INTERMEDIATE CAs***. Now the [Intermediate CA](./intermediate_ca_config.md) (or any number of Intermediate CAs) can be created.