CA is a trusted source that can verify the authenticity of the certificate, and provide assurance that the certificate is really owned by the organization or individual that claims to own it.
openssl library provides all needed for this task. Install it:
apt-get install openssl
Once you have entered and re-entered your password, CA.plwill collect some information from you about your organization.
If we enter the pass phrase correctly, CA.plwill generate our new certificate and display its contents on the screen.
Using configuration from /usr/lib/ssl/openssl.cnf
Creating a certificate is a two-step process:
1. We need to generate the Certificate Request.
2. We need to sign the request with the CA's signature.
Let's see these steps in detail.
There are a few methods for create certificate. We could use shell command from openssl toolkit and CA.pl script whick ask us about all needed info.
In this topic we'll use CA.pl but in topic about self signed certificate we'll use command line for diversity.
To generate a new request we will run CA.pl -newreq
$ /usr/lib/ssl/misc/CA.pl -newreq
Generating a 2048 bit RSA private key