Setup CA Server - CentOS/Red Hat 6.x/7.x

Setting up a CA server in Linux is quick and easy and is a direct replacement for Microsoft CA. This article applies to both CentOS/Red Hat 6.x and 7.x versions. Let's start with installing the required packages for the CA server setup.

First, install openssl.

# yum -y install openssl

Once the install is done, proceed with editing the 'openssl.cnf' file. The default openssl.cnf file lives in /etc/pki/tls/, but for this article we are going to copy it to the CA folder.

# cp -av /etc/pki/tls/openssl.cnf /etc/pki/CA/openssl.cnf

Then edit 'openssl.cnf' and change the following parameters. You can change the values depending on your requirements.

# vi /etc/pki/CA/openssl.cnf
dir = /etc/pki/CA
certificate = $dir/certs/ca.crt
private_key = $dir/private/ca.key
string_mask = pkix

Now generate a RootCA cert so that it can be used for signing CSR requests. Set the expiry date according to your requirements. I have set 2 years (730 days) for this article.

# cd /etc/pki/CA
# openssl req -new -config openssl.cnf -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 730

So, now if you check the folders for the private key and CA cert, you will have the following.

# ls /etc/pki/CA/certs/ && ls /etc/pki/CA/private/
ca.crt # RootCA
ca.key # Private Key

The generated CA cert can be verified in plain text by running the below command.

# openssl x509 -in /etc/pki/CA/certs/ca.crt -text -noout

That's it; you should be up and running with a Linux CA server. Follow this link for creating a CSR and getting it signed by this CA.
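
The steps above, scripted end to end as an added example (not the article's own code): it builds a root CA in a temporary directory instead of /etc/pki/CA and then checks the properties that matter for a root. The function names, subject, passphrase and the minimal openssl.cnf (including its [ v3_ca ] section) are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway root CA + checks. Function names, subject and
# passphrase are constructed for this demo; nothing touches /etc/pki/CA.

make_demo_ca() {   # $1 = CA directory (stand-in for /etc/pki/CA), $2 = key passphrase
    ca_dir=$1
    mkdir -p "$ca_dir/certs" "$ca_dir/private" || return 1
    chmod 700 "$ca_dir/private"
    # Minimal config: the four settings from the article plus what 'req' needs
    cat > "$ca_dir/openssl.cnf" <<EOF
[ CA_default ]
dir = $ca_dir
certificate = \$dir/certs/ca.crt
private_key = \$dir/private/ca.key
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_dn
string_mask = pkix
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
EOF
    # umask 077: older OpenSSL builds create the key file with default permissions
    ( cd "$ca_dir" && umask 077 && CA_PASS=$2 openssl req -new -config openssl.cnf \
        -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 730 \
        -subj "/O=Constructed Demo/CN=Constructed Demo Root CA" \
        -passout env:CA_PASS ) >/dev/null 2>&1
}

check_ca_cert() {  # $1 = CA directory; prints failed checks, returns their count
    crt=$1/certs/ca.crt; key=$1/private/ca.key; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE' || fail "basicConstraints is not CA:TRUE"
    # A root CA is self-issued: subject and issuer name hashes match
    [ "$(openssl x509 -in "$crt" -noout -subject_hash)" = \
      "$(openssl x509 -in "$crt" -noout -issuer_hash)" ] || fail "issuer differs from subject"
    # Lifetime matches -days 730: still valid in 729 days, expired in 731
    openssl x509 -in "$crt" -noout -checkend $((729 * 86400)) >/dev/null || fail "expires too early"
    if openssl x509 -in "$crt" -noout -checkend $((731 * 86400)) >/dev/null; then fail "valid too long"; fi
    grep -q ENCRYPTED "$key" || fail "private key is not passphrase-protected"
    [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ] || fail "private key is not mode 0600"
    return "$fails"
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir" "constructed-demo-passphrase" && check_ca_cert "$demo_dir" && echo "all CA checks passed"
rm -rf "$demo_dir"
```

The same check_ca_cert function can be pointed at /etc/pki/CA after running the commands in this article; a non-zero return is the number of failed checks.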
