CA is a trusted source that can verify the authenticity of the certificate, and provide assurance that the certificate is really owned by the organization or individual that claims to own it.
openssl library provides all needed for this task. Install it:
apt-get install openssl
cd ~ /usr/lib/ssl/misc/CA.pl -newca
Once you have entered and re-entered your password, CA.plwill collect some information from you about your organization.
If we enter the pass phrase correctly, CA.plwill generate our new certificate and display its contents on the screen.
Using configuration from /usr/lib/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 9914801594685885158 (0x89987384fdba8ae6) Validity Not Before: Dec 2 09:40:27 2013 GMT Not After : Dec 1 09:40:27 2016 GMT Subject: countryName = UA stateOrProvinceName = Kyiv organizationName = home commonName = Chyrkov Oleksandr emailAddress = firstname.lastname@example.org X509v3 extensions: X509v3 Subject Key Identifier: D4:54:8E:BD:6B:3E:E5:4D:6D:30:77:71:B8:E9:31:CF:A2:DF:6F:1F X509v3 Authority Key Identifier: keyid:D4:54:8E:BD:6B:3E:E5:4D:6D:30:77:71:B8:E9:31:CF:A2:DF:6F:1F X509v3 Basic Constraints: CA:TRUE Certificate is to be certified until Dec 1 09:40:27 2016 GMT (1095 days) Write out database with 1 new entries Data Base Updated
Your own CA is created.