For a job-related project I’ve been fiddling with openssl to create a new CA instance for self-signed certificates.<\/p>\n
<\/p>\n
Initially I had problems importing our root CA cert into firefox, but finally got it working after some googling. The main problem is that by default on Red Hat 5.x, the file \/etc\/pki\/tls\/openssl.conf<\/strong> has the following entry set to FALSE:<\/p>\n <\/p>\n So you when you create the root CA certificate using<\/p>\n the root ca cert will end up with the above constraint set to FALSE. Firefox doesn’t like that and will consequently refuse to import the certificate as a new CA.<\/p>\n Solution: Simply fire up your text editor of choice (I prefer GNU Emacs ;)) and change the line above in your openssl.conf<\/strong> file to read<\/p>\n and you should have no problems importing the certificate into Firefox and other browsers.<\/p>\n <\/p>\n Remember to undo the change before you generate your first self signed server certificate or you may run into other problems when trying to use these certificates in web- or mail servers.<\/p>\n It’s also worthwhile checking the other stuff in openssl.conf <\/strong>if you want to change settings such as default key length or certificate validity periods.<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" For a job-related project I’ve been fiddling with openssl to create a new CA instance for self-signed certificates. Initially I had problems importing our root CA cert into firefox, but finally got it working after some googling. The main problem is that by default on Red Hat 5.x, the file \/etc\/pki\/tls\/openssl.conf has the following […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-455","post","type-post","status-publish","format-standard","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts\/455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=455"}],"version-history":[{"count":5,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts\/455\/revisions"}],"predecessor-version":[{"id":458,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=\/wp\/v2\/posts\/455\/revisions\/458"}],"wp:attachment":[{"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hoover.gplrank.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}basicConstraints=CA:FALSE<\/pre>\n
\/etc\/pki\/tls\/misc\/CA -newca<\/pre>\n
basicConstraints = CA:TRUE<\/pre>\n