Page History
...
Generate a private key file (ca.key) for the Root CA using the command below. You will be required to enter a pass phrase to be associated with the ca.key file.
Tip Make note of this pass phrase for the Root CA private key file (ca.key) as it will be used multiple times whilst creating the certificate hierarchy.
Code Block language text openssl genrsa -des3 -out ca/ca.key 2048
Generate a self-signed certificate (ca.crt) for the Root CA using the command below. This command generates a new self-signed X.509 certificate named "ca.crt" valid for 3650 days (10 years) using the RSA private key "ca.key". A "ca.srl" file will also be created containing the signed certificate's unique serial number. You will be required to enter the pass phrase associated with the private key file "ca.key".
Code Block language text openssl req -new -x509 -key ca/ca.key -days 3650 -out ca/ca.crt
Note There are a number of fields associated with the creation of the certificate. The required fields are:
Country Name (2 letter code) []: Your country code
State or Province Name (full name) []: Your state
Locality Name (eg, city) []: Your city
Organization Name (eg, company) []: Your organization name
Organizational Unit Name (eg, section) []: CA
Common Name (eg, fully qualified host name) [] This MUST be the Fully Qualified Domain Name (FQDN) of the Chariot server
Email Address []: Your email address
...
Overview
Content Tools