Suhas Prakash

 
OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. [wikipedia]

OpenSSL is provided by default in all linux installations to implement the Secure Socket Layer operations. Using OpenSSL you can establish your own certifying authority and generate and sign server side and client side certificates. More information about the OpenSSL project can be found here : The OpenSSL Project.

Establishing a certifying authority and generating certificates in an UBUNTU linux installation is particularly easy :

1. #apt-cache search libssl | grep SSL
2. #cd && mkdir -p myCA/signedcerts && mkdir myCA/private && cd myCA
3. #echo ’01′ > serial  && touch index.txt
4. Create an initial caconfig.cnf file suitable for the creation of CA certificates (refer link below)
   
5. #export OPENSSL_CONF=~/myCA/caconfig.cnf
6. #openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 1825
7. #export OPENSSL_CONF=~/myCA/exampleserver.cnf
8. #openssl req -newkey rsa:1024 -keyout tempkey.pem -keyform PEM -out tempreq.pem -outform PEM
9. #openssl rsa < tempkey.pem > server_key.pem
10. #mv tempkey.pem server_key.pem
    
11. #export OPENSSL_CONF=~/myCA/caconfig.cnf
12. #openssl ca -in tempreq.pem -out server_crt.pem
13. #rm -f tempkey.pem && rm -f tempreq.pem

The above 13 commands create a CA – create a server certificate and also sign it. For a much detailed and informative tutorial refer : https://help.ubuntu.com/community/OpenSSL

The above process can also be automated using the CA.pl script which comes with the library — this post will be helpful for those who want to know what goes on inside the script.

: : : : : : : : : : :