Skip to Content Information Center
Markvision Enterprise

Markvision Enterprise

Creating a root CA certificate

You can create a self‑signed root CA certificate, or generate a certificate request and then get it signed by the root CA.

Note:  Replace the key length, signature algorithm, and certificate name with the appropriate values.

  1. Run the following command:

    • openssl genrsa -out /etc/certs/openxpki_democa/ca-root-1.key -passout file:/etc/certs/openxpki_democa/pd.pass 4096
  2. Replace the subject in the request with your CA information using openssl req -new -key /etc/certs/openxpki_democa/ca-root-1.key -out /etc/certs/openxpki_democa/ca-root-1.csr.

  3. Get the certificate signed by the root CA using openssl req -config /etc/certs/openxpki_democa/openssl.conf -extensions v3_ca_extensions - x509 -days 3560 -in /etc/certs/openxpki_democa/ca-root-1.csr -key /etc/certs/openxpki_democa/ca-root-1.key -out /etc/certs/openxpki_democa/ca-root-1.crt - sha256.

  4. Go to /etc/certs/openxpki_democa/ where ca-root-1.crt is saved.

  5. Run the following command:

    • openxpkiadm certificate import --file ca-root-1.crt
Was this article helpful?
Top