Create your own Certificate Authority

Step 1 : Create the private key

As the first step you should create the private key for the CA. You can simply do this by using the genrsa command. Note that we are using the des3 (Triple DES) algorithm with 2048 key length.

Step 2: Generate the root certificate

As the next step, you need to create your root certificate using the generated private key. Ideally, this root certificate should be provided by another CA on top of your CA ( this is called as the certificate chain ). But in this instance , we are trying to act as the root CA and hence we need to create the root certificate file as follows.

Step 3 : Generate the CSR

First of all, we need to generate a private key.

Step 4: Generate the Certificate using the CSR

We are going to create a X509 certificate using the CSR. We are setting the certificate’s validity period for 1 year ( -days 365 ). Note that we need to use our CA’s root certificate and the private key in this operation. We need to enter the CA private key’s password as well when prompted.

Step 5: Testing the generated certificate

You can import this certificate into your OS’s trusted certificate list or use in your web server as well. In this post, I’m gonna show you how to use this certificate to verify a signing process.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store