Installing TinyCA#

$ yum install tinyca2

Configuring TinyCA#

Edit /etc/tinyca2/openssl.cnf:

[ v3_ca ]
#subjectAltName=email:copy
#issuerAltName=issuer:copy

Creating Root CA#

Use the GUI to create a root CA:

$ tinyca2

Managing Root CA#

Use the GUI to manage the root CA:

$ tinyca2 --ManageCA

Configuring Root CA#

Edit /root/.TinyCA/RootCA/index.txt.attr:

unique_subject = no

Signing Certificate Request#

$ openssl ca \
 -batch \
 -passin pass:Secret.123 \
 -notext \
 -config /root/.TinyCA/RootCA/openssl.cnf \
 -name ca_ca \
 -in "ca_signing.csr" \
 -out "ca_signing.crt" \
 -days 7200 \
 -preserveDN \
 -md sha256 \
 -noemailDN

The root CA is located at /root/.TinyCA/RootCA/cacert.pem.

References#

Certificate Extensions
tinyca2 man page
Create your own Certificate Authority with TinyCA2 and Debian Squeeze

Installing TinyCA

Contents

Installing TinyCA#

Configuring TinyCA#

Creating Root CA#

Managing Root CA#

Configuring Root CA#

Signing Certificate Request#

References#