Friday, June 23, 2017

Java and SSL: How to create a New Certificate Authority

This post is part of a series about the worlds of Java and SSL.  I hope to do 1 post a day on this topic. The resulting posts will become the basis for another section of a talk that I am scheduled to give on August 10 at the Boulder/Denver Cybersecurity Meetup.

How to create a New Certificate Authority


I didn't come up with this.  I got most of my information from https://docs.oracle.com/cd/E19509-01/820-3503/ggezy/index.html. This page explained most of what I'm going to talk about.

OpenSSL is a must-have for developers doing SSL development with Java. It comes with the Git command line (for Windows developers) and with OS X (for Mac developers).

A certificate is essentially a public key, bundled with identifying information about its owner, whose hash value has been computed using a cryptographically strong algorithm like SHA-256 and then signed (encrypted with someone's private key). In the case of a "self-signed" certificate, the signing key is the private key that corresponds to the certificate's own public key.

To create a self-signed CA certificate and its private key on the command line, use OpenSSL:


openssl req -new  -x509  -keyout ca-key.pem.txt -out ca-certificate.pem.txt -days 365
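
As an added example (not from the original post or the Oracle page), here is the same command made non-interactive, followed by three checks that the result really is self-signed in the sense described above. The subject name, passphrase and target directory are constructed placeholders; `-newkey`, `-sha256`, `-subj` and `-passout` are standard `openssl req` options added here so the command does not prompt.

```shell
#!/bin/sh
# Added example: build the CA from the post without prompts, then prove it is self-signed.
# Subject, passphrase and directory are constructed placeholders, not values from the post.

make_and_check_ca() {
    ca_dir="$1"
    ca_key="$ca_dir/ca-key.pem.txt"
    ca_cert="$ca_dir/ca-certificate.pem.txt"
    ca_pass="pass:changeit-demo"   # placeholder; use a real secret source in practice

    # The post's command, plus -subj/-passout so nothing is read from the terminal.
    openssl req -new -x509 -newkey rsa:2048 -sha256 \
        -keyout "$ca_key" -out "$ca_cert" -days 365 \
        -subj "/CN=Example Test CA" -passout "$ca_pass" 2>/dev/null || return 1
    chmod 600 "$ca_key"            # the CA private key should be readable by its owner only

    # Check 1: issuer and subject are the same name.
    ca_subject=$(openssl x509 -in "$ca_cert" -noout -subject | sed 's/^subject= *//')
    ca_issuer=$(openssl x509 -in "$ca_cert" -noout -issuer | sed 's/^issuer= *//')
    [ "$ca_subject" = "$ca_issuer" ] || { echo "issuer differs from subject"; return 1; }

    # Check 2: the signature verifies with the certificate's own public key.
    openssl verify -CAfile "$ca_cert" "$ca_cert" >/dev/null 2>&1 \
        || { echo "signature does not verify"; return 1; }

    # Check 3: that public key belongs to the private key in ca-key.pem.txt.
    cert_pub=$(openssl x509 -in "$ca_cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$ca_key" -passin "$ca_pass" -pubout)
    [ "$cert_pub" = "$key_pub" ] || { echo "key mismatch"; return 1; }

    echo "self-signed"
}

# Usage: make_and_check_ca "$(mktemp -d)"
```

Because no `-nodes` option is given, the private key file is written encrypted under the passphrase, just as it is when the post's interactive command prompts for one.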

