Certificate Authority

Root CA

Steps to set up the Root CA
RSA with a 4096-bit key was chosen over the more modern Ed25519 because OpenSSL on macOS does not support Ed25519. Generating the keys and certificates on a separate machine and then syncing them back to macOS was too much overhead.

Setup Process

Setting up a root CA is a two-step process:

Generate Root Key

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -aes256 -out ca.key

Generate Root Certificate

  1. Create the config file (oasys.cnf) for Root CA:
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
C  = IN
ST = Telangana
L  = Hyderabad
O  = Oasys
CN = RootCA

[ v3_ca ]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
  2. Run the following command to generate the Root CA certificate:
openssl req -new -x509 -sha256 -days 3650 -key ca.key -out root-ca.cert -config oasys.cnf -extensions v3_ca

The Root CA is now ready to be used to issue SSL certificates.
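
Before issuing anything from the new root, it is worth confirming that root-ca.cert really carries the v3_ca profile from oasys.cnf (for example, that -extensions v3_ca was not left off). The following check is an added example, not part of the original setup notes; check_root_ca is a hypothetical helper name, and the optional second argument (expected RSA key size) is an assumption that defaults to the 4096 bits used above.

```shell
#!/bin/sh
# Added example: sanity-check a Root CA certificate produced by the steps above.
# check_root_ca is a hypothetical helper, not an OpenSSL command.
# Usage: check_root_ca root-ca.cert [expected_rsa_bits]

check_root_ca() {
    cert=$1
    bits=${2:-4096}
    rc=0

    # Human-readable dump; the extension checks below read from this text.
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) \
        || { echo "FAIL: cannot parse $cert"; return 2; }

    # A root is self-issued: subject and issuer must be identical.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] || { echo "FAIL: subject and issuer differ"; rc=1; }

    # The signature must verify under the certificate's own public key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 \
        || { echo "FAIL: self-signature does not verify"; rc=1; }

    # basicConstraints = critical, CA:true
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints: critical' \
        | grep -q 'CA:TRUE' \
        || { echo "FAIL: basicConstraints is not critical CA:TRUE"; rc=1; }

    # keyUsage = critical, keyCertSign, cRLSign (and nothing broader)
    ku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage: critical' \
        | tail -n 1 | sed 's/^ *//;s/ *$//')
    [ "$ku" = "Certificate Sign, CRL Sign" ] \
        || { echo "FAIL: keyUsage is '$ku'"; rc=1; }

    # Key size and signature digest chosen on this page.
    printf '%s\n' "$text" | grep -q "Public-Key: ($bits bit)" \
        || { echo "FAIL: key is not RSA $bits"; rc=1; }
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' \
        || { echo "FAIL: signature is not sha256WithRSAEncryption"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $cert matches the Root CA profile"
    return "$rc"
}
```

Run it as `check_root_ca root-ca.cert`; a non-zero exit status means at least one property of the profile is missing and the certificate should be regenerated before use.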