other ssl issue with my own ca
by Emre Tugriceri on Mar.18, 2009, under Security
/root/tugriceri.com_CA/ca/
cat ca.conf
[ ca ]
default_ca = ca_default
[ ca_default ]
dir = /root/tugriceri.com_CA/ca/
certs = /root/tugriceri.com_CA/ca/
new_certs_dir = /root/tugriceri.com_CA/ca/ca.db.certs
database = /root/tugriceri.com_CA/ca/ca.db.index
serial = /root/tugriceri.com_CA/ca/ca.db.serial
RANDFILE = /root/tugriceri.com_CA/ca/ca.db.rand
certificate = /root/tugriceri.com_CA/ca/ca.crt
private_key = /root/tugriceri.com_CA/ca/ca.key
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
openssl ca -config ca.conf -notext -out one.tugriceri.com/one.tugriceri.com.cer -infiles one.tugriceri.com/one.tugriceri.com.csr
openssl x509 -req -days 365 -in one.tugriceri.com/one.tugriceri.com.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out one.tugriceri.com/one.tugriceri.com.cer
openssl verify -CAfile ../ca/ca.crt one.tugriceri.com.cer
