docs/tls_docs/ca/root_ca_config.md
2025-11-07 03:44:26 +00:00


# Create the Root CA

The Root CA is the root of the trust tree. It will be used ONLY to sign Intermediate CAs.

## Create directories, serial file, and index file for the Root CA

```sh
mkdir -p /path/to/root_ca/{bundles,certs,csr,crl,newcerts,private}
cd /path/to/root_ca   # the following commands are relative to the Root CA directory
chmod 700 private
touch index.txt
echo 1000 > serial
```

## Create the configuration for signing

Copy `root.cnf` into the Root CA directory and set the `dir` option to that directory, `private_key` to the location of `root-ca.key`, and `certificate` to the location of `root-ca.crt`. With these set in the configuration you do not have to specify the certificate and key on the command line when signing certificates.

## Create Root CA key

```sh
cd root_ca
openssl genrsa -aes256 -out private/root-ca.key 4096
chmod 400 private/root-ca.key
```

## Sign the Root CA certificate

```sh
openssl req -config root.cnf -key private/root-ca.key -new -x509 -days 7300 -extensions v3_ca -out certs/root-ca.crt
chmod 444 certs/root-ca.crt
```

## Verify the root certificate

The certificate file is PEM-encoded, so the command below is needed to display its contents in readable form:

```sh
openssl x509 -noout -text -in certs/root-ca.crt
```

THE ONLY CERTIFICATES TO BE SIGNED WITH THE ROOT CA ARE CERTIFICATES FOR INTERMEDIATE CAs. Now the Intermediate CA (or any number of Intermediate CAs) can be created.
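The whole procedure above, as an added example script that is not part of this repository: it builds a throwaway Root CA in a temporary directory and then checks that the resulting certificate is a self-signed CA certificate whose key usage is limited to certificate and CRL signing. Because the repository's `root.cnf` is not shown on this page, the script writes its own minimal, constructed `root.cnf`; the 2048-bit key size, the `/CN=Example Root CA` subject and the `ROOT_PASS` passphrase variable are assumptions made so the script runs non-interactively.

```shell
#!/bin/sh
# Added example (not the repository's own script). Creates a Root CA layout,
# a minimal constructed root.cnf, an encrypted key and a self-signed CA
# certificate, then verifies the certificate's CA properties.
set -eu

# Constructed passphrase so genrsa/req do not prompt; replace in real use.
ROOT_PASS="${ROOT_PASS:-example-passphrase}"

# Directory layout, index file and serial file under $1 (mirrors the page).
root_ca_init() {
    dir="$1"
    for sub in bundles certs csr crl newcerts private; do
        mkdir -p "$dir/$sub"
    done
    chmod 700 "$dir/private"
    : > "$dir/index.txt"
    echo 1000 > "$dir/serial"
}

# Minimal constructed root.cnf: dir, private_key and certificate are set so
# later signing does not need -keyfile/-cert on the command line.
root_ca_write_config() {
    dir="$1"
    cat > "$dir/root.cnf" <<EOF
[ ca ]
default_ca = root_ca

[ root_ca ]
dir            = $dir
database       = \$dir/index.txt
serial         = \$dir/serial
new_certs_dir  = \$dir/newcerts
private_key    = \$dir/private/root-ca.key
certificate    = \$dir/certs/root-ca.crt
default_md     = sha256
policy         = policy_any

[ policy_any ]
commonName = supplied

[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca

[ req_dn ]

[ v3_ca ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
EOF
}

# Generate the encrypted Root CA key and the self-signed certificate in $1.
root_ca_create() {
    dir="$1"
    root_ca_init "$dir"
    root_ca_write_config "$dir"
    openssl genrsa -aes256 -passout "pass:$ROOT_PASS" \
        -out "$dir/private/root-ca.key" 2048 2>/dev/null
    chmod 400 "$dir/private/root-ca.key"
    openssl req -config "$dir/root.cnf" -passin "pass:$ROOT_PASS" \
        -key "$dir/private/root-ca.key" -new -x509 -days 7300 \
        -extensions v3_ca -subj "/CN=Example Root CA" \
        -out "$dir/certs/root-ca.crt"
    chmod 444 "$dir/certs/root-ca.crt"
}

# Check that $1 is a CA certificate restricted to cert/CRL signing and that it
# validates against itself (i.e. it is self-signed). Returns 0 on success.
root_ca_check() {
    crt="$1"
    text=$(openssl x509 -noout -text -in "$crt")
    echo "$text" | grep -q 'CA:TRUE' || { echo "not a CA certificate"; return 1; }
    echo "$text" | grep -q 'Certificate Sign' || { echo "keyCertSign missing"; return 1; }
    openssl verify -CAfile "$crt" "$crt" >/dev/null || { echo "self-verification failed"; return 1; }
    return 0
}

# Stand-alone run: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp -d)
    root_ca_create "$tmp"
    root_ca_check "$tmp/certs/root-ca.crt" && echo "Root CA created and verified in $tmp"
fi
```

The check function is the scripted form of the `openssl x509 -noout -text` inspection step: beyond just printing the certificate, it confirms `CA:TRUE` and the `keyCertSign` usage that an Intermediate CA signature requires, and it rejects anything that is not self-signed. Run it against every root you distribute into trust stores.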