2.1. Installation

Nowadays, you do not have to worry too much about installing OpenSSL, as most distributions use package management applications. Refer to your distribution documentation, or read the README and INSTALL file inside the OpenSSL tarball.

I describe here some standard installation options which are necessary to know in case your installation differ.

The directory for all OpenSSL certificates is /var/ssl/. All commands and paths in this document are issued from this directory, it is not obligatory but it will help the examples.

OpenSSL by default look for a configuration file in /usr/lib/ssl/openssl.cnf so always add -config /etc/openssl.cnf to the commands openssl ca or openssl req for instance if the configuration file is located elsewhere. I use /etc/openssl.cnf so my configuration files are all in /etc.

Utilities and other libraries are located in /usr/lib/ssl.

Ensure that the utility CA.pl is in an accessible directory such as /usr/sbin. CA.pl can be found inside /usr/lib/ssl directories. CA.pl is a utility that hides the complexity of the openssl command.

/usr/sbin/CA.pl needs to be modified to include -config /etc/openssl.cnf in ca and req calls.

#$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"} 
$SSLEAY_CONFIG="-config /etc/openssl.cnf"; 
  

/etc/openssl.cnf must be configured appropriately to minimize input entry.

/etc/openssl.cnf example
  

To create a certification authority use the command:

CA.pl -newca