Create a Mutual Authentication root certificate
To properly configure Mutual Authentication, you need to create a root certificate that you want to use to create and validate client certificates.
Before you begin
- Make sure your environment meets the minimum requirements to complete this procedure. See System requirements.
- Prepare a CA root certificate configuration file.
All the files used in the task are in the same directory. The commands use these variables for the file names:
- root.conf is the configuration file for the CA root certificate.
- rootCA.crt is the CA root certificate you previously created.
- rootCA.key is the CA root private key that you previously created.
Create a certificate key for your
You can use the following command:
openssl genrsa -des3 -out rootCA.key 4096
A rootCA.key appears in your current directory.
Using your CA root certificate key and the CA root configuration file, generate the CA root certificate.
Make sure to set the basicConstraints value in the root.conf file to CA:true. This value indicates whether a certificate is a CA certificate.
You can use the following command:
openssl req -x509 -config root.conf -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
A rootCA.crt file appears in your current directory.
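The two steps above as a non-interactive script that also checks the result. This is an added example, not part of the original procedure. The root.conf contents, the subject names, the CA_PASS environment variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: builds a root CA in the given directory and verifies it.
# The root.conf below is constructed; only basicConstraints = CA:true
# comes from the procedure itself.

write_root_conf() {   # $1 = directory that will hold root.conf
    cat > "$1/root.conf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[ dn ]
CN = Example Mutual Auth Root CA
O  = Example Org

[ v3_ca ]
basicConstraints     = critical, CA:true
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

make_root_ca() {      # $1 = directory, $2 = key bits (the procedure uses 4096)
    dir=$1; bits=${2:-4096}
    write_root_conf "$dir" || return 1
    # The passphrase is read from the exported CA_PASS variable so that it
    # does not appear on the command line or require a prompt.
    ( cd "$dir" &&
      openssl genrsa -des3 -passout env:CA_PASS -out rootCA.key "$bits" 2>/dev/null &&
      chmod 600 rootCA.key &&
      openssl req -x509 -config root.conf -new -nodes -key rootCA.key \
          -passin env:CA_PASS -sha256 -days 1024 -out rootCA.crt )
}

is_ca_cert() {        # succeeds only if the certificate carries CA:TRUE
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

key_is_encrypted() {  # succeeds if the PEM key is passphrase-protected
    grep -q 'ENCRYPTED' "$1"
}
```

Export CA_PASS before calling make_root_ca, then run is_ca_cert on rootCA.crt before uploading it. A certificate without CA:TRUE cannot act as the issuer when client certificates are validated.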
- Upload the Mutual Authentication root certificate.