How to Set Up Your Own SSL CA and Generate a Signed Certificate on Ubuntu 14.04 Trusty LTS: Easy Guide

May 18, 2014 | By the+gnu+linux+evangelist.

Setup Self CA and Signed Certificate on Ubuntu 14.04 Trusty

Hi! This Tutorial shows you Step-by-Step How to Get Started with your Own SSL Certification Authority and a Certificate Signed by it on Ubuntu 14.04 Trusty Tahr LTS Linux.

Using certificates signed by your own CA allows the various services using those certificates to easily trust other services that use certificates issued by the same CA.

  1. Log in to a Shell.

    Or Open a Command Line Terminal Window
    (Press “Enter” to Execute Commands)

    Ctrl+Alt+T

    If Needed, first see: Terminal QuickStart Guide.

  2. Create the Directories to Hold CA Files.

    sudo su

    If you Get “User is Not in Sudoers file” then see: How to Enable sudo

    mkdir /etc/ssl/CA
    mkdir /etc/ssl/newcerts
  3. Set the First Certificate Serial Number.

    echo '01' > /etc/ssl/CA/serial

    That is because Each Certificate needs to have a Unique Serial Number.

  4. Create File to Record Issued Certificates.

    touch /etc/ssl/CA/index.txt
  5. Edit the CA Configuration File.

    nano /etc/ssl/openssl.cnf

    In [CA_default] Section Change:

    dir       = /etc/ssl/       # Where everything is kept
    database    = $dir/CA/index.txt   # database index file.
    certificate   = $dir/certs/cacert.pem # The CA certificate
    serial     = $dir/CA/serial    # The current serial number
    private_key   = $dir/private/cakey.pem# The private key
    
  6. Create a Self-Signed Root Certificate.

    exit
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
  7. Install Self-Signed Root Certificate and Key.

    sudo su -c "mv ./cakey.pem /etc/ssl/private/"
    sudo su -c "mv ./cacert.pem /etc/ssl/certs/"
  8. Generate a Certificate Signing Request on Ubuntu.

    See: Create a CSR on Ubuntu
  9. With the CSR Generate the Certificate Signed by your Own CA.

    sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf

    You will be Prompted to Enter a Passphrase, Sign the Certificate and finally to Commit the New Certificate.

    The Certificates will be Named as 01.pem, 02.pem, 03.pem, etc.

  10. Create the New Certificate for your Domain.

    1. Get the Certificate Content.

      Example:

      cat /etc/ssl/newcerts/01.pem
    2. Copy the Entire Section from the line: -----BEGIN CERTIFICATE----- through the line: -----END CERTIFICATE-----.

    3. Create the Certificate for your Domain.

      Example:
      nano example.com.crt
    4. Replace "example.com" with the Hostname of the server where the certificate will be installed.

      Paste In the Section Copied from the Above Command.

  11. Install the New Certificate for your Domain.

    sudo su

    If you Get "User is Not in Sudoers file" then see: How to Enable sudo

    Example:

    sudo cp example.com.crt /etc/ssl/certs
  12. /etc/ssl/certs is the Default Location to Install Certificates.

    For applications that can be configured to use a CA certificate, you should also copy the /etc/ssl/certs/cacert.pem file to the /etc/ssl/certs/ directory on each server.
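
The steps above, run end to end in a scratch directory and finished with a chain check, as an added example that is not part of the original guide. The function name scratch_ca, the subjects, the minimal config (used instead of editing /etc/ssl/openssl.cnf), the CSR command and the unencrypted throwaway keys are assumptions made so it runs without prompts.

```shell
# Added example: the guide's CA layout rebuilt under a scratch directory.
# Subjects, file names and the unencrypted throwaway keys (-nodes) are
# assumptions for a non-interactive run; keep a real CA key passphrase-protected.
scratch_ca() {
    d=$1
    mkdir -p "$d/CA" "$d/newcerts" "$d/certs" "$d/private" || return 1
    chmod 700 "$d/private"
    echo '01' > "$d/CA/serial"   # step 3: first serial number
    : > "$d/CA/index.txt"        # step 4: record of issued certificates
    # Step 5 equivalent: a minimal config with the same [CA_default] keys.
    cat > "$d/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/CA/index.txt
new_certs_dir = $d/newcerts
certificate = $d/certs/cacert.pem
serial = $d/CA/serial
private_key = $d/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
EOF
    # Step 6: self-signed root certificate.
    openssl req -new -x509 -config "$d/openssl.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -keyout "$d/private/cakey.pem" \
        -out "$d/certs/cacert.pem" -days 3650 -subj "/CN=Scratch Test CA" \
        2>/dev/null || return 1
    # Step 8 (assumed command; the guide links out for the CSR).
    openssl req -new -config "$d/openssl.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/server.key" -out "$d/server.csr" -subj "/CN=example.com" \
        2>/dev/null || return 1
    # Step 9: sign the CSR; -batch answers the sign/commit prompts.
    openssl ca -batch -config "$d/openssl.cnf" -in "$d/server.csr" \
        >/dev/null 2>&1 || return 1
    # Step 10 without copy/paste: x509 re-emits only the PEM block.
    openssl x509 -in "$d/newcerts/01.pem" -out "$d/example.com.crt" || return 1
    # Check that the issued certificate chains to the scratch CA.
    openssl verify -CAfile "$d/certs/cacert.pem" "$d/example.com.crt"
}
t=$(mktemp -d) && scratch_ca "$t"; rm -rf "$t"
```

The same `openssl verify -CAfile /etc/ssl/certs/cacert.pem example.com.crt` check applies to the certificate produced by the real steps before it is installed.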

