How-to Setup Your Own SSL CA and Generate a Signed Certificate on Ubuntu 14.04 Trusty LTS Easy Guide

May 18th, 2014 by thelinuxevangelist

Setup Self CA and Signed Certificate on Ubuntu 14.04 Trusty




The Tutorial Shows You Step-by-Step How to Get Started with Your Own SSL Certification Authority and Signed Certificate on Ubuntu 14.04 Trusty Tahr LTS Linux.

Using certificates signed by your own CA allows the various services using the certificates to easily trust other services using certificates issued from the same CA.

  1. Log In to the Shell

    Or Open a Command Line Terminal Window
    (Press “Enter” to Execute Commands)

    Ctrl+Alt+T

  2. Create the Directories to Hold CA Files

    sudo su

    If You Get “User is Not in Sudoers file”, See: Solution

    mkdir /etc/ssl/CA
    mkdir /etc/ssl/newcerts
  3. Set the First Certificate Serial Number

    echo '01' > /etc/ssl/CA/serial

    That is because Each Certificate Needs to Have a Unique Serial Number.

  4. Create File to Record Issued Certificates

    touch /etc/ssl/CA/index.txt
  5. Edit the CA Configuration File

    nano /etc/ssl/openssl.cnf

    In [CA_default] Section Change:

    dir         = /etc/ssl/               # Where everything is kept
    database    = $dir/CA/index.txt       # database index file.
    certificate = $dir/certs/cacert.pem   # The CA certificate
    serial      = $dir/CA/serial          # The current serial number
    private_key = $dir/private/cakey.pem  # The private key
    
  6. Create a Self-Signed Root Certificate

    exit
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
  7. Install Self-Signed Root Certificate and Key

    sudo su -c "mv ./cakey.pem /etc/ssl/private/"
    sudo su -c "mv ./cacert.pem /etc/ssl/certs/"
  8. How-to Generate a Certificate Signing Request on Ubuntu

    Create a CSR on Ubuntu
  9. With the CSR Generate the Certificate Signed by Your Own CA

    sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf

    You will be Prompted to Enter the Pass Phrase, to Sign the Certificate and finally to Commit the New Certificate.

    The Certificates will be Named as 01.pem, 02.pem, 03.pem, etc.

  10. Create the New Certificate for Your Domain

    1. Get the Certificate Content

      Example:

      cat /etc/ssl/newcerts/01.pem
    2. Copy the Entire Section from the line: -----BEGIN CERTIFICATE----- and continuing through the line: -----END CERTIFICATE-----

    3. Create the Certificate for Your Domain

      Example:
      nano example.com.crt
    4. Replace "example.com" with the Hostname of the server where the certificate will be installed.

      Paste In the Section Copied from the Above Command.

  11. Install the New Certificate for Your Domain

    sudo su

    If You Get "User is Not in Sudoers file", See: Solution

    Example:

    sudo cp example.com.crt /etc/ssl/certs
  12. /etc/ssl/certs is the Default Location to Install Certificates.

    For applications that can be configured to use a CA certificate, you should also copy the /etc/ssl/certs/cacert.pem file to the /etc/ssl/certs/ directory on each server.
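
The procedure above, run end to end in a scratch directory and finished with an `openssl verify` check, as an added example that is not part of the original tutorial. It assumes `openssl` is on the PATH; the directory argument, the `Test Root CA` and `example.com` names and the minimal config file are constructed for illustration, and `-nodes` and `-batch` stand in for the interactive prompts.

```shell
#!/bin/sh
# Added example: rebuilds the guide's CA layout under a scratch directory
# (hypothetical path passed as $1) instead of /etc/ssl, then issues and verifies.
build_test_ca() {
    d=$1
    mkdir -p "$d/CA" "$d/newcerts" "$d/certs" "$d/private" || return 1
    chmod 700 "$d/private"               # CA key directory: owner only
    echo '01' > "$d/CA/serial"           # first certificate serial number
    : > "$d/CA/index.txt"                # empty database of issued certificates

    # Minimal config (constructed) with the same [CA_default] paths the guide sets.
    cat > "$d/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d
database = \$dir/CA/index.txt
new_certs_dir = \$dir/newcerts
certificate = \$dir/certs/cacert.pem
serial = \$dir/CA/serial
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
EOF
    # Root certificate. -nodes skips the pass phrase so this runs unattended;
    # a real CA key should keep the pass phrase the guide's command prompts for.
    openssl req -new -x509 -extensions v3_ca -nodes -newkey rsa:2048 \
        -config "$d/openssl.cnf" -subj "/CN=Test Root CA" -days 3650 \
        -keyout "$d/private/cakey.pem" -out "$d/certs/cacert.pem" 2>/dev/null || return 1
    # CSR for a constructed hostname, then sign it with the CA (-batch = no prompts).
    openssl req -new -nodes -newkey rsa:2048 -config "$d/openssl.cnf" \
        -subj "/CN=example.com" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl ca -batch -config "$d/openssl.cnf" -in "$d/server.csr" \
        -notext -out "$d/example.com.crt" 2>/dev/null || return 1
    # The check the manual steps lack: does the issued certificate chain to the CA?
    openssl verify -CAfile "$d/certs/cacert.pem" "$d/newcerts/01.pem"
}
```

Call it as `build_test_ca "$(mktemp -d)"`; afterwards `CA/serial` holds `02` and `CA/index.txt` holds one `V` (valid) entry, which is the bookkeeping steps 3 and 4 prepare.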
