CA with openssl

Solaris is known for its SBD feature and offers a lot of different tools and mechanisms to secure your system and its data. When it comes to secure communication, though, you reach the point where you want to use your own certificates and keys. This sounded very complex and time-consuming. That was before I actually started to need and use it. For everyone who hesitates to take this step, here is one way of setting up a small CA environment which can be used to generate or sign keys and certificates.

Let’s start with creating a zone named zoneCA:

# zonecfg -z zoneCA 'create'
# zoneadm -z zoneCA install
# zoneadm -z zoneCA boot
# zlogin -e "+." -C zoneCA

Click your way through the configuration.

Once this is done and the zone is configured and ready, some preparation needs to be done:

# useradd -u 1580 -g 10 -d /data/apps/solCA/ -m -s /usr/bin/bash -c "solaris ca user" solcaadm

# echo "export OPENSSL_CONF=/data/apps/solCA/conf/openssl.cnf" >>/data/apps/solCA/.profile

# mkdir /data/apps/solCA/conf
# cp /etc/openssl/openssl.cnf /data/apps/solCA/conf/

# mkdir certs crl newcerts private pass

# touch index.txt
# echo "01" >serial
# echo "1000" >crlnumber
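The layout steps above can be wrapped in an idempotent setup function with a matching check; this is an added example, not part of the original post. It assumes the relative paths are meant to live in the CA user's home directory and that pass/ holds passphrase files, and the check reflects that openssl reads serial and crlnumber as hex and rejects an odd number of digits.

```shell
#!/bin/sh
# Added example, not from the original post. The CA home directory passed in
# is an assumption: the post runs mkdir/touch/echo with relative paths.
# Usage (as the CA user): ca_init /data/apps/solCA && ca_check /data/apps/solCA

ca_init() {
    ca_home=$1
    mkdir -p "$ca_home" || return 1
    (
        cd "$ca_home" || exit 1
        mkdir -p certs crl newcerts private pass || exit 1
        # private/ holds the CA key; pass/ is assumed to hold passphrase
        # files. Both get owner-only access.
        chmod 700 private pass || exit 1
        # Never reset the state of an existing CA.
        [ -f index.txt ] || : > index.txt
        [ -f serial ] || echo "01" > serial
        [ -f crlnumber ] || echo "1000" > crlnumber
    )
}

ca_check() {
    ca_home=$1
    rc=0
    for d in certs crl newcerts private pass; do
        [ -d "$ca_home/$d" ] || { echo "missing directory: $d"; rc=1; }
    done
    for d in private pass; do
        [ -d "$ca_home/$d" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$ca_home/$d" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "$d: open to group/other"; rc=1; }
    done
    [ -f "$ca_home/index.txt" ] || { echo "missing index.txt"; rc=1; }
    for f in serial crlnumber; do
        n=$(head -n 1 "$ca_home/$f" 2>/dev/null) || n=""
        case $n in
            ''|*[!0-9A-Fa-f]*) echo "$f: not a hex number"; rc=1 ;;
            *) [ $(( ${#n} % 2 )) -eq 0 ] ||
                   { echo "$f: odd number of hex digits"; rc=1; } ;;
        esac
    done
    return $rc
}
```

Running ca_init a second time leaves index.txt, serial and crlnumber untouched, so it cannot reset the counters of a CA that has already issued certificates.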

