This project is a set of scripts which:
- Create a Root CA
- Create an intermediate CA signed with the Root CA
- Prompt for the information that should go into the CA certificates
- Sign client and server certificate requests
The generated certificates are valid for 10 years. Change the script files if you need another validity period.
- Clone this repository
- The Certificate Authority now needs to be generated:
    ./createCa.sh
- Input the information that OpenSSL needs to generate the certificates. Note that you get prompted for the Root CA and also for the intermediate CA.
- The script should now have completed without errors. The certificate is now in certs/ca.crt. You must install this Root CA certificate on hosts that must trust the certificates signed by the Intermediate CA. Note that only the Root CA is necessary in a truststore.
It is assumed that requests are generated by the other project. That project generates a tgz file which contains all the necessary information about the certificate that needs to be signed.
- Copy the request tgz file into the requests directory.
- Sign it like so:
    cp path/to/<certRequest>.tgz requests/
    cd requests
    ./signServerCert.sh <certRequest>
- The signed certificate will be packaged into requests/<certRequest>-signed.tgz. This file contains both the certificate and the certificate chain, which contains the signed certificate and the intermediate CA. Note that the chain is required during SSL validation so that a validator which knows only about the Root CA is able to validate the whole chain of trust.
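The reason the chain is required can be checked with `openssl verify`. The script below is an added example, not one of this project's scripts: it builds a throwaway root, intermediate and server certificate in a temporary directory (all file names and subject names are constructed for the illustration) and validates the server certificate with only the root trusted, first without and then with the chain file.

```shell
#!/bin/sh
# Added example: a throwaway root -> intermediate -> server hierarchy.
# All file names and CNs here are constructed; nothing is taken from createCa.sh.
set -eu

issue() {  # issue <name> <CN> <ext-file> <issuer-name>, works inside $d
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$4.crt" -CAkey "$d/$4.key" \
    -CAcreateserial -days 30 -extfile "$d/$3" -out "$d/$1.crt" 2>/dev/null
}

build_demo_pki() {  # build_demo_pki <empty-directory>
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > "$d/leaf.ext"
  # Self-signed root (plays the role of certs/ca.crt on this page)
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
  issue intermediate "Demo Intermediate CA" ca.ext root
  issue server "server.example.test" leaf.ext intermediate
  # Chain file laid out as the page describes: signed certificate + intermediate CA
  cat "$d/server.crt" "$d/intermediate.crt" > "$d/chain.pem"
}

# Validator that trusts only the root and is given no chain
verify_root_only() {
  openssl verify -CAfile "$1/root.crt" "$1/server.crt" >/dev/null 2>&1
}

# Same trust store, but the chain is supplied as untrusted helper certificates
verify_with_chain() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/chain.pem" \
    "$1/server.crt" >/dev/null 2>&1
}

demo=$(mktemp -d)
build_demo_pki "$demo"
verify_root_only "$demo"  && echo "root only:  OK" || echo "root only:  FAILED (no path to the root)"
verify_with_chain "$demo" && echo "with chain: OK" || echo "with chain: FAILED"
rm -rf "$demo"
```

The intermediate is passed with `-untrusted` because it is not a trust anchor: it is accepted only when its own signature leads back to the root in `-CAfile`.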