How to build your own Certificate Authority

With Vault

Actually, i don’t want repeat it again. so, please follow this documents: https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine

You have three choices:

1. GUI
2. API
3. CLI

And finally, you would see that:

With Openssl

$ openssl genrsa -des3 -out rootCA.key 4096
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
$ openssl genrsa -out 91sec.vip.key 2048
$ openssl req -new -key 91sec.vip.key -out 91sec.vip.csr
$ openssl x509 -req -in 91sec.vip.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out 91sec.vip.crt -days 500 -sha256

Install Root CA in Server

• Ubuntu

$ sudo mkdir /usr/share/ca-certificates/extra
$ sudo cp foo.crt /usr/share/ca-certificates/extra/foo.crt                    #Copy the CA .crt file to this directory
$ sudo dpkg-reconfigure ca-certificates                   #add the .crt file's path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf

• Centos

$ sudo cp foo.crt /etc/pki/tls/certs/ca-bundle.crt
$ update-ca-trust enable
$ update-ca-trust extract

Also, you can install CA to gold image

Resources

• Build Your Own Certificate Authority (CA)
• Self Signed Certificate with Custom Root CA
• 本地建立CA签发数字证书
• Opensll Certificate authority
• How to create self signed certificate with openssl
• Install root ca in ubuntu
• Install root ca in centos