🥷
🥷
文章目录
  1. With Vault
  2. With Openssl
  3. Install Root CA in Server
  4. Resources

How to build your own Certificate Authority

image

With Vault

Actually, i don’t want repeat it again. so, please follow this documents: https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine

You have three choices:

  1. GUI
  2. API
  3. CLI

And finally, you would see that:

Screen Shot 2020-03-21 at 2 06 13 PM

Screen Shot 2020-03-21 at 2 08 51 PM

Screen Shot 2020-03-21 at 2 11 51 PM

With Openssl

1
2
3
4
5
$ openssl genrsa -des3 -out rootCA.key 4096
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
$ openssl genrsa -out 91sec.vip.key 2048
$ openssl req -new -key 91sec.vip.key -out 91sec.vip.csr
$ openssl x509 -req -in 91sec.vip.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out 91sec.vip.crt -days 500 -sha256

Screen Shot 2020-03-21 at 2 24 14 PM
Screen Shot 2020-03-21 at 2 25 51 PM
Screen Shot 2020-03-21 at 2 49 16 PM

Install Root CA in Server

  • Ubuntu
1
2
3
$ sudo mkdir /usr/share/ca-certificates/extra
$ sudo cp foo.crt /usr/share/ca-certificates/extra/foo.crt #Copy the CA .crt file to this directory
$ sudo dpkg-reconfigure ca-certificates #add the .crt file's path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf
  • Centos
1
2
3
$ sudo cp foo.crt /etc/pki/tls/certs/ca-bundle.crt
$ update-ca-trust enable
$ update-ca-trust extract

Also, you can install CA to gold image

Resources