In this short tutorial we will demonstrate how you can create your own SSL Certificate Authority to sign certificate requests created on internal devices.
Software: Ubuntu 22.04(4) & EasyRSA.
1.) apt-get install easy-rsa
2.) cd /usr/share/easy-rsa/
3.) ./easyrsa init-pki
4.) Specify the variables for your CA in “./easyrsa/vars”
set_var EASYRSA_REQ_COUNTRY “US”
set_var EASYRSA_REQ_PROVINCE “Florida”
set_var EASYRSA_REQ_CITY “Miami”
set_var EASYRSA_REQ_ORG “my_org_name”
set_var EASYRSA_REQ_EMAIL “someone@somewhere.com”
set_var EASYRSA_REQ_OU “IS”
set_var EASYRSA_ALGO “ec”
set_var EASYRSA_DIGEST “sha256”
5.) ./easyrsa build-ca nopass
6.) When prompted specify a name for the Certificate Authority (e.g. ca.yourdomain.com).
7.) Save the CA certificate so that it can be distributed (optional) – “/usr/share/easy-rsa/pki/ca.crt”
8.) ./easyrsa import-req /home/lmqadmin/<csr_filename>.csr <shortname>
9.) ./easyrsa sign-req server <shortname>
10.) The certificate will be issued to the “/usr/share/easy-rsa/pki/issued” directory
11.) Import the “<shortname>.crt” file to the device on which the request was generated.