OpenSSL
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. For more information on OpenSSL, you can visit their website at www.openssl.org.
OpenSSL version
This documentation was written for OpenSSL 0.9.8b but may be useful with other versions.
How to install OpenSSL on CentOS RedHat Linux
- Install OpenSSL
yum install openssl
Note: This is typically installed on CentOS by default.
How to configure OpenSSL on CentOS RedHat Linux
- Change your working directory to /etc/pki/CA
cd /etc/pki/CA
- Create a folder to hold the Certificates
mkdir certs
- Create a folder to hold the Certificate Revocation List
mkdir crl
- Create a folder to hold the Server Certificates in PEM (unencrypted) format
mkdir newcerts
- Create a file that holds the database of certificates
touch index.txt
- Create a file that holds the next certificate serial number
echo '01' > serial
- Create a file that holds the next Certificate Revocation List serial number
echo '01' > crlnumber
- Make a copy of the system's default openssl configuration file for our use
cp /etc/pki/tls/openssl.cnf openssl.cnf
- Edit the /etc/pki/CA/openssl.cnf file making the following changes
  - Change line 37
  from dir = ../../CA # Where everything is kept
  to dir = . # Where everything is kept
  - Change line 45
  from certificate = $dir/cacert.pem # The CA certificate
  to certificate = $dir/certs/ca.crt # The CA certificate
  - Change line 50
  from private_key = $dir/private/cakey.pem# The private key
  to private_key = $dir/private/ca.key # The private key
- Make the /etc/pki/CA/openssl.cnf file not world readable
chmod 0600 openssl.cnf
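
The configuration steps above gathered into one re-runnable shell function, as an added example that is not part of the original page: it matches each setting by its old value instead of by line number and leaves existing serial counters untouched. The names setup_ca_dir and demo, the owner-only umask and the constructed sample config are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names, the owner-only
# umask and the sample config in demo() are this example's own assumptions.

# setup_ca_dir CA_DIR SOURCE_CNF
# Real use (as root): setup_ca_dir /etc/pki/CA /etc/pki/tls/openssl.cnf
setup_ca_dir() (
    ca=$1 src=$2
    umask 077   # hardening choice of this example: new files are owner-only
    mkdir -p "$ca/certs" "$ca/crl" "$ca/newcerts" || exit 1
    [ -e "$ca/index.txt" ] || : > "$ca/index.txt"
    # Keep existing counters: resetting them to 01 on a CA that has already
    # issued certificates would hand out duplicate serial numbers.
    [ -s "$ca/serial" ]    || echo '01' > "$ca/serial"
    [ -s "$ca/crlnumber" ] || echo '01' > "$ca/crlnumber"
    [ -e "$ca/openssl.cnf" ] || cp "$src" "$ca/openssl.cnf" || exit 1
    # Match each setting by its old value rather than by line 37/45/50,
    # because line numbers differ between OpenSSL versions.
    sed -e 's|^\(dir[[:space:]]*=[[:space:]]*\)\.\./\.\./CA|\1.|' \
        -e 's|^\(certificate[[:space:]]*=[[:space:]]*\)\$dir/cacert\.pem|\1$dir/certs/ca.crt|' \
        -e 's|^\(private_key[[:space:]]*=[[:space:]]*\)\$dir/private/cakey\.pem[[:space:]]*|\1$dir/private/ca.key |' \
        "$ca/openssl.cnf" > "$ca/openssl.cnf.tmp" || exit 1
    mv "$ca/openssl.cnf.tmp" "$ca/openssl.cnf" || exit 1
    chmod 0600 "$ca/openssl.cnf"
)

# Dry run in a scratch directory against a constructed three-line config
# (not a real openssl.cnf); prints the path of the resulting CA directory.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' '[ CA_default ]' \
        'dir = ../../CA # Where everything is kept' \
        'certificate = $dir/cacert.pem # The CA certificate' \
        'private_key = $dir/private/cakey.pem# The private key' > "$t/src.cnf"
    setup_ca_dir "$t/CA" "$t/src.cnf" && echo "$t/CA"
}
```

Running demo leaves the real /etc/pki/CA untouched, so the edited openssl.cnf can be inspected before the function is pointed at the live directory.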