CentOS - Aug 2007 - Creating your own CA and SSL certificates

I've been looking all over (google, wiki, manuals) for docs, and I
can't find any mention of how to set up a CA or certificates
*specifically for centos 5 / upstream 5*.  There are plenty of generic
guides on using openssl for this sort of thing, but I'd like to play
nice within the standard structure of this system.

I've found the /etc/pki directory, but can't find much information
about it.  I reviewed the openssl.cnf file, and it looks like it's not
completely set up, as many directories it references do not exist on
the system.

What I'm looking to do is set up my own CA, then make some
certificates for use with SSL, and sign them with the CA.  This will
be used for internal purposes.

Any pointers to guides or information would be appreciated.
Thanks.

On Monday, August 27, 2007 5:19 PM -0400 Brian Mathis 
<brian.mathis at gmail.com> wrote:
> I've found the /etc/pki directory, but can't find much information
> about it.  I reviewed the openssl.cnf file, and it looks like it's not
> completely set up, as many directories it references do not exist on
> the system.
A good place to start is /etc/pki/tls/certs/Makefile.

I've just started using CentOS5, migrating from Fedora, so I'm not yet
up
to speed on the relocation of OpenSSL from /usr/share/openssl to 
/etc/pki/tls, but that Makefile is mostly what I used to create self-signed 
certs, or I used variations of the commands it suggested.

On Mon, 2007-08-27 at 17:19 -0400, Brian Mathis wrote:
> I've been looking all over (google, wiki, manuals) for docs, and I
> can't find any mention of how to set up a CA or certificates
> *specifically for centos 5 / upstream 5*.  There are plenty of generic
> guides on using openssl for this sort of thing, but I'd like to play
> nice within the standard structure of this system.
> 
> I've found the /etc/pki directory, but can't find much information
> about it.  I reviewed the openssl.cnf file, and it looks like it's not
> completely set up, as many directories it references do not exist on
> the system.
> 
> What I'm looking to do is set up my own CA, then make some
> certificates for use with SSL, and sign them with the CA.  This will
> be used for internal purposes.
> 
> Any pointers to guides or information would be appreciated.
> Thanks.
Hi Brian, I did some more digging and maybe this link has some
information that is useful:
http://blog.laimbock.com/2007/08/28/svn-and-websvn-over-ssl-with-self-signed-certificates/
The self-signed certificate stuff is at item 10 to 14 (skip 12).

Regards,
Patrick

Brian Mathis wrote:
> I've been looking all over (google, wiki, manuals) for docs, and I
> can't find any mention of how to set up a CA or certificates
> *specifically for centos 5 / upstream 5*.  There are plenty of generic
> guides on using openssl for this sort of thing, but I'd like to play
> nice within the standard structure of this system.
>   
Consider getting TinyCA2 from rpmforge.

It more than does the job. In fact you can create your own root cert and 
any number of server certs. then just the one root cert installed in 
browsers will take care of all your TLS needs.
> I've found the /etc/pki directory, but can't find much information
> about it.  I reviewed the openssl.cnf file, and it looks like it's not
> completely set up, as many directories it references do not exist on
> the system.
>
> What I'm looking to do is set up my own CA, then make some
> certificates for use with SSL, and sign them with the CA.  This will
> be used for internal purposes.
>
> Any pointers to guides or information would be appreciated.
> Thanks.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

On 8/27/07, Brian Mathis <brian.mathis at gmail.com>
wrote:
> I've been looking all over (google, wiki, manuals) for docs, and I
> can't find any mention of how to set up a CA or certificates
> *specifically for centos 5 / upstream 5*.  There are plenty of generic
> guides on using openssl for this sort of thing, but I'd like to play
> nice within the standard structure of this system.
>
> I've found the /etc/pki directory, but can't find much information
> about it.  I reviewed the openssl.cnf file, and it looks like it's not
> completely set up, as many directories it references do not exist on
> the system.
>
> What I'm looking to do is set up my own CA, then make some
> certificates for use with SSL, and sign them with the CA.  This will
> be used for internal purposes.
>
> Any pointers to guides or information would be appreciated.
> Thanks.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
take a look  at :

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html


-- 
Leonel