Chapter 30

Certificate Authority

Certificates are an integral part of service security, including within a LAN itself. Therefore it’s worthwhile for every managed network to include a certificate services server.

Subsections of Certificate Authority

Generating Certificate Signing Request on Linux

There are various Linux packages that provide commands for generating X.509 SSL certificates and requests, but one of the most prevalent is openssl. To generate a new certificate signing request, use the following command:

openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout server.key

Provide the sslcert.csr signing request to your certificate authority.