Morris: Created page with "== Creating a CA == You can create a CA and use it to sign certs for use by other services, so that you can add that CA to phone, laptop, etc and have them not complain about ..."

2014-05-22T22:52:24Z

Created page with "== Creating a CA == You can create a CA and use it to sign certs for use by other services, so that you can add that CA to phone, laptop, etc and have them not complain about ..."

New page

== Creating a CA ==
You can create a CA and use it to sign certs for use by other services, so that you can add that CA to phone, laptop, etc and have them not complain about self-signed certs.

Generate the root CA key
<pre>
openssl genrsa -out rootCA.key 4096 -aes-256-cbc
</pre>

Generate the (self-signed) root CA cert: (-nodes means without password encryption, omit if this is not what you want)
<pre>
openssl req -x509 -new -nodes -key rootCA.key -days 10240 -out rootCA.pem
</pre>

== Creating certs and keys for services ==
Create a signing request:
<pre>
openssl req -new -key myserver.key -out myserver.csr
</pre>

Use the root CA cert to sign the CSR and generate the server cert.
<pre>
openssl x509 -req -in myserver.csr -CA ./rootCA.pem -CAkey ./rootCA.key -CAcreateserial -out myserver.crt -days 3650
</pre>

== Installing system-wide in rooted Android phones ==

get the hash of the root CA cert and append a ".0" - this is the filename the cert should be stored as.
<pre>
openssl x509 -in rootCA.pem -subject_hash_old -noout
</pre>
Copy rootCA.pem to this filename (eg, 87654321.0) and put it into /system/etc/security/cacerts/87654321.0 on the Android device.

Diy SSL CA + android - Revision history

Morris: Created page with "== Creating a CA == You can create a CA and use it to sign certs for use by other services, so that you can add that CA to phone, laptop, etc and have them not complain about ..."