You can use OpenSSL to create a CA private key and a CA certificate to sign certificates for AE Services server as a certificate authority (CA). This appendix describes the configuration that uses a key size, encryption algorithm, and a single-level CA infrastructure that may be inefficient to support your IT security requirements. You must review the OpenSSL commands and make the necessary changes to meet your certificate security requirements. Running the provided commands does not guarantee that they will protect your network from a possible intrusion.

The OpenSSL package is available on all Linux and Windows distributions, for example, Cygwin. You can download the package from the OpenSSL web site.

On a Linux server, use the man command to find out additional information about the OpenSSL commands like genrsa, req, x509, ca, and pkcs12.

The following procedures are based on the Linux® Operating System and explain how to create a single-level CA.