OpenSSL

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.  For more information on OpenSSL, you can visit their website at www.openssl.org.

OpenSSL version

This documentation was written for OpenSSL 0.9.8b but may be useful with other versions.

How to install OpenSSL on CentOS RedHat Linux

  1. Install OpenSSL
    yum install openssl
    Note: This is typically installed on CentOS by default.

How to configure OpenSSL on CentOS RedHat Linux

  1. Change your working directory to /etc/pki/CA
    cd /etc/pki/CA
  2. Create a folder to hold the Certificates
    mkdir certs
  3. Create a folder to hold the Certificate Revocation List
    mkdir crl
  4. Create a folder to hold the Server Certificates in PEM (unencrypted) format
    mkdir newcerts
  5. Create a file that holds the database of certificates
    touch index.txt
  6. Create a file that holds the next certificate serial number
    echo '01' > serial
  7. Create a file that holds the next Certificate Revocation List serial number
    echo '01' > crlnumber
  8. Make a copy of the system's default openssl configuration file for our use
    cp /etc/pki/tls/openssl.cnf openssl.cnf
  9. Edit the /etc/pki/CA/openssl.cnf file making the following changes
    1. Change line 37
      from dir             = ../../CA              # Where everything is kept
      to dir             = .                     # Where everything is kept
    2. Change line 45
      from certificate     = $dir/cacert.pem       # The CA certificate
      to certificate     = $dir/certs/ca.crt     # The CA certificate
    3. Change line 50
      from private_key     = $dir/private/cakey.pem# The private key
      to private_key     = $dir/private/ca.key   # The private key
  10. Make the /etc/pki/CA/openssl.cnf file not world readable
    chmod 0600 openssl.cnf
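
Steps 2 through 10 collected into one re-runnable shell function, as an added example that is not part of the original page. It goes beyond the listed steps in two ways: the CA state files are created only when missing, and the step 9 edits match the setting names inside [ CA_default ] rather than line numbers, which may differ in other OpenSSL versions. The function names, the temporary directory and the cut-down sample configuration are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page); function names are this example's own.

# Steps 2-10 for CA directory $1, reading the stock configuration from $2.
setup_ca_dir() {
    ca_dir=$1; src_cnf=$2
    mkdir -p "$ca_dir/certs" "$ca_dir/crl" "$ca_dir/newcerts" || return 1
    # Create CA state only if absent: re-running `echo '01' > serial` on a live
    # CA would hand out serial numbers that index.txt already records.
    [ -e "$ca_dir/index.txt" ] || : > "$ca_dir/index.txt"
    [ -e "$ca_dir/serial" ]    || echo '01' > "$ca_dir/serial"
    [ -e "$ca_dir/crlnumber" ] || echo '01' > "$ca_dir/crlnumber"
    # Step 9, matched by key inside [ CA_default ] instead of by line number.
    sed -e '/^\[ *CA_default *]/,/^\[/{' \
        -e 's|^dir[[:space:]]*=.*|dir             = .                     # Where everything is kept|' \
        -e 's|^certificate[[:space:]]*=.*|certificate     = $dir/certs/ca.crt     # The CA certificate|' \
        -e 's|^private_key[[:space:]]*=.*|private_key     = $dir/private/ca.key   # The private key|' \
        -e '}' "$src_cnf" > "$ca_dir/openssl.cnf" || return 1
    chmod 0600 "$ca_dir/openssl.cnf"
}

# Print the value of key $2 in the [ CA_default ] section of config file $1.
ca_setting() {
    sed -n '/^\[ *CA_default *]/,/^\[/p' "$1" |
        sed -n "s|^${2}[[:space:]]*=[[:space:]]*\([^#]*\).*|\1|p" |
        sed 's/[[:space:]]*$//'
}

# Constructed sample: a cut-down openssl.cnf holding only the lines step 9
# touches, plus a made-up [ other ] section that must stay unchanged.
write_sample_cnf() {
    cat > "$1" <<'EOF'
[ CA_default ]
dir             = ../../CA              # Where everything is kept
certificate     = $dir/cacert.pem       # The CA certificate
private_key     = $dir/private/cakey.pem# The private key

[ other ]
dir             = ./unrelated
EOF
}

# Demo in a throwaway directory; nothing under /etc is touched.
demo=$(mktemp -d)
write_sample_cnf "$demo/stock.cnf"
setup_ca_dir "$demo/CA" "$demo/stock.cnf"
for key in dir certificate private_key; do echo "$key = $(ca_setting "$demo/CA/openssl.cnf" "$key")"; done
rm -rf "$demo"
```

On a real host the equivalent call would be `setup_ca_dir /etc/pki/CA /etc/pki/tls/openssl.cnf`, using the paths from the steps above.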

