Creating a root CA certificate
  1. guides
  2. en
  3. Administrator's Guide
  4. Managing certificates
  5. Managing certificates using OpenXPKI Certificate Authority through SCEP
  6. Configuring OpenXPKI CA manually
  7. Creating a root CA certificate

Creating a root CA certificate

You can create a self‑signed root CA certificate or generate a certificate request, and then get it signed by the root CA.
Run the following commands:
Replace the key length, signature algorithm, and certificate name with the appropriate values.
  1. openssl genrsa -out /etc/certs/openxpki_ca-one/ca-root-1.key -passout file:/etc/certs/openxpki_ca-one/pd.pass 4096
  2. openssl req -new -key /etc/certs/openxpki_ca-one/ca-root-1.key -subj /DC=COM/DC=LEXMARK/DC=DEV/DC=CA-ONE/CN=MYOPENXPKI_ROOTCA -out /etc/certs/openxpki_ca-one/ca-root-1.csr
  3. openssl req -config /etc/certs/openxpki_ca-one/openssl.conf -extensions v3_ca_extensions -x509 -days 3560 -in /etc/certs/openxpki_ca-one/ca-root-1.csr -key /etc/certs/openxpki_ca-one/ca-root-1.key -out /etc/certs/openxpki_ca-one/ca-root-1.crt -sha256

This site uses cookies for various purposes including enhancing your experience, analytics, and ads. By continuing to browse this site or by clicking "Accept and close", you agree to our use of cookies. For more information, read our Cookies page.