Cert Authority Creation Prep and Lab - ConnorEast/Tech-Journal GitHub Wiki
Section 1: Getting your Certificate Authority Prepped:
Step 1: Note the IP address of your CA --> IPADDR: 10.0.17.45
Step 2: Confirm SSHD is working by running the command "sudo systemctl status sshd"
Step 3: Enable port 22 using the command "sudo firewall-cmd --permanent --zone=public --add-port=22/tcp"
Create the Authority.
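On your CA VM, go to the directory /etc/pki/CA and run the command "touch index.txt". Finally, run the command "echo 1000 > serial". The openssl ca command uses index.txt as its database of issued certificates and reads the next serial number (in hex) from the serial file.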
Creation of a private key
To begin, use the following command:
“openssl genrsa -des3 -out private/cakey.pem”
If this command doesn't work, it may be because you do not have a private folder in which to store cakey.pem; if so, use the mkdir command to create a folder named "private". The openssl genrsa command generates an RSA private key. That key is then encrypted with Triple DES (the -des3 option), using a passphrase you are prompted for, and saved to the file cakey.pem in the private folder.
CA Certificate Steps:
“openssl req -new -x509 -days 365 -key private/cakey.pem -out cacert.pem”
This command uses openssl req, which creates and processes certificate requests. -new creates a new request. -x509 makes the command output a self-signed certificate instead of a certificate request. -days 365 makes the certificate valid for 365 days. -key private/cakey.pem signs it with the CA private key created above, and -out cacert.pem saves the result to cacert.pem.
Creating the Certificate Request on your Web Server:
Step 1: On your Web Server use the command “openssl req -newkey rsa:2048 -keyout websrv.key -out websrv.csr”. This command uses openssl to generate a new 2048-bit RSA private key, saved to websrv.key, and a certificate signing request for that key, saved to a new file called websrv.csr. Once this command has been run you will have to enter the subject information relevant to the cacert.pem file we created previously.
Step 2: The command for this section was “scp websrv.csr root@10.0.17.45:~”. This command loosely translates to “Securely transfer the file named websrv.csr to the home directory of the user root on the device with IP 10.0.17.45”. The third image shows the completion of the websrv transfer.
Signing the Certificate:
The command for signing the certificate is “openssl ca -out websrv.crt -infiles websrv.csr”. This essentially states that openssl should sign the request in the file named websrv.csr with the CA key and write the resulting certificate to websrv.crt.
The final command is “scp websrv.crt root@10.0.17.15:~”. This loosely translates to “securely copy the file websrv.crt to the home folder of user root on IP address 10.0.17.15”.
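
To confirm the steps above produced a usable certificate, the following added example (not part of the original lab) replays the workflow in a throwaway directory and runs three checks: the issued certificate chains to cacert.pem, it carries the public key of websrv.key, and its serial number came from the serial file. The ca.cnf contents, subject names and unencrypted keys are assumptions made so the script runs without prompts; the lab itself uses the system openssl configuration and a passphrase-protected cakey.pem.

```sh
# Added example: the lab's CA workflow replayed in a temp directory, then verified.
# ca.cnf, the subjects and the unencrypted keys are constructed for this demo.
lab_ca_check() (
    set -e
    work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"
    mkdir -m 700 private; mkdir newcerts
    touch index.txt; echo 1000 > serial
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_match
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    {
        openssl genrsa -out private/cakey.pem 2048
        openssl req -config ca.cnf -new -x509 -days 365 -key private/cakey.pem \
            -out cacert.pem -subj "/C=US/O=Lab/CN=Lab CA"
        openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout websrv.key \
            -out websrv.csr -subj "/C=US/O=Lab/CN=websrv.lab.example"
        openssl ca -config ca.cnf -batch -out websrv.crt -infiles websrv.csr
        # Check 1: the issued certificate chains to the CA certificate.
        openssl verify -CAfile cacert.pem websrv.crt
    } >/dev/null 2>&1
    # Check 2: the certificate carries the web server's public key.
    [ "$(openssl x509 -in websrv.crt -noout -pubkey)" = \
      "$(openssl pkey -in websrv.key -pubout)" ]
    # Check 3: the first issued serial is the value written to the serial file.
    openssl x509 -in websrv.crt -noout -serial
)
lab_ca_check
```

On the real lab machines only the three checks are needed: run them against the existing cacert.pem, websrv.crt and websrv.key.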