CApen-SSL (for Certification Authority OpenSSL) is a wrapper that facilitates the creation of a certification authority and server certificates using only OpenSSL commands.
CApen-SSL works through a main script named build-certs. The build-certs script expects the values needed to build a certificate as input (examples below).
CApen-SSL first builds a root certificate authority, then the intermediate authority and finally the server certificates.
The CA certificates generated by build-certs are named rootca.crt for the root authority and intca.crt for the intermediate authority. The server certificates are named after the FQDN you give.
openssl req -x509 -nodes -newkey rsa:4096 -days 3650 -extensions v3_ca -subj "/C=FR/ST=Ile-de-France/O=FictOrg/OU=Engineers/L=Paris/CN=FictOrg ROOT CA" -keyout private/rootca.key -out ca/rootca.crt -config confs/ca.cnf
openssl genrsa -out private/intca.key 4096
openssl req -sha256 -new -subj "/C=FR/ST=Ile-de-France/O=FictOrg/OU=Engineers/L=Paris/CN=FictOrg INT CA" -key private/intca.key -out csr/intca.csr
openssl ca -batch -config confs/ca.cnf -days 1825 -extensions v3_ca -subj "/C=FR/ST=Ile-de-France/O=FictOrg/OU=Engineers/L=Paris/CN=FictOrg INT CA" -notext -in csr/intca.csr -out ca/intca.crt
openssl genrsa -out private/test.test.lan.key 4096
openssl req -new -key private/test.test.lan.key -out csr/test.test.lan.csr -config confs/server.cnf
openssl x509 -req -in csr/test.test.lan.csr -CA ca/intca.crt -CAkey private/intca.key -CAcreateserial -out certs/test.test.lan.crt -days 365 -sha512 -extfile confs/server.cnf
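The root, intermediate and server certificates issued by the commands above form a chain that can be checked with openssl verify. The script below is an added example, not part of CApen-SSL: it builds a throwaway chain in a temporary directory and checks that the server certificate verifies through the intermediate and that only the CA certificates carry CA:TRUE. The function names, demo.cnf and the "Demo" CNs are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of CApen-SSL. The chain below is constructed sample
# input: 2048-bit keys and 2-day lifetimes keep it fast (the page uses 4096).

# verify_chain ROOT INT LEAF: true only if LEAF chains through INT up to ROOT.
verify_chain() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# is_ca CERT: true if the certificate carries basicConstraints CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# make_demo_chain DIR: root -> intermediate -> server in DIR. The intermediate
# is signed with "x509 -req" rather than "openssl ca", so no CA database is needed.
make_demo_chain() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:test.test.lan
EOF
    openssl req -x509 -nodes -newkey rsa:2048 -days 2 -config "$d/demo.cnf" \
        -extensions v3_ca -subj "/CN=Demo ROOT CA" \
        -keyout "$d/rootca.key" -out "$d/rootca.crt" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -config "$d/demo.cnf" \
        -subj "/CN=Demo INT CA" -keyout "$d/intca.key" -out "$d/intca.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/intca.csr" -CA "$d/rootca.crt" -CAkey "$d/rootca.key" \
        -CAcreateserial -days 2 -sha256 -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/intca.crt" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -config "$d/demo.cnf" \
        -subj "/CN=test.test.lan" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/intca.crt" -CAkey "$d/intca.key" \
        -CAcreateserial -days 2 -sha256 -extfile "$d/demo.cnf" -extensions v3_leaf \
        -out "$d/leaf.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_chain "$demo" &&
    verify_chain "$demo/rootca.crt" "$demo/intca.crt" "$demo/leaf.crt" &&
    is_ca "$demo/intca.crt" && ! is_ca "$demo/leaf.crt" &&
    echo "chain verifies: root -> intermediate -> server"
```

The same two functions apply to real output, for example verify_chain ca/rootca.crt ca/intca.crt certs/test.test.lan.crt.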
Root certificate authority (example values, but all of the arguments below must be given, in any order)
./build-certs --country FR --province 'Ile-de-France' --locality Paris --organization FictOrg --unit Engineers --domain 'FictOrg ROOT CA' --days 3650 --root
Intermediate certification authority (example values, but all of the arguments below must be given, in any order)
./build-certs --country FR --province 'Ile-de-France' --locality Paris --organization FictOrg --unit Engineers --domain 'FictOrg INT CA' --days 1825 --intermediate
Server certificate (example values)
./build-certs --country FR --province 'Ile-de-France' --locality Paris --organization FictOrg --unit Engineers --domain 'test.test.lan' --days 365 --server
./build-certs --clean-files
./build-certs --clean-database
./build-certs --clean-confs
Kevin Chevreuil - Kaisen 2022