How to Create a Certificate of Authority on Ubuntu 20.04

Wondering how to create a Certificate of Authority on Ubuntu 20.04?

Certificate Authority or CA is a certificate issued to online entities to verify their identities. If a CA has been issued online, it means that the connection between you and the party receiving it is secure. It is a trusted certificate for both the issuing party and the one receiving it.  

CAs can be issued both publicly and privately. Public CA is more commonly used and issued to online services, while private CA is used among a closed and private set of users.

Using a private CA lets you run, configure and test software that requires a secure and encrypted connection between server and client. You can also establish control issuing users and servers your own CA within your setup. 

If you want to know how to create a Certificate of Authority on Ubuntu 20.04, then you are in the perfect place. This article will guide you through the steps necessary to create a private CA.

So, without further ado, let’s get started!

Step 1: Installing Easy-RSA.

Easy-RSA is a program that you can use to create and issue private CAs. Using Easy-RSA, you will create a private key that will be used to certify and accept requests from servers and users who want your CA. Login to your CA server, open the Terminal, and follow these steps: 

  1. Update your repository using the following command:
$ sudo apt update
  1. Next, install Easy-RSA running this command:
$ sudo apt install easy-rsa

Press Y to complete the installation of the Easy-RSA package. 


Now that we’re done with this step, we will create a directory to configure your public keys.


Step 2: Creating a Public Key Infrastructure (PKI) Directory.

While still logged on to your CA server, don’t execute the following commands as a sudo user. If you do it using sudo, other users will not be able to access the CA setup. 

  1. First, you need to create a new directory. You can do this using this command.
$ mkdir ~/newdirectory
Certificate of Authority on Ubuntu
  1. The directory you just created will be used to create links that would point toward the package files installed in the previous step. These files are present in another directory. You will use the following command to do this. 
$ ln -s /usr/share/easy-rsa/* ~/newdirectory/
Certificate of Authority on Ubuntu
  1. You don’t want other people accessing your PKI directory so restrict its access using the following command.
$ chmod 700 home/username/newdirectory
  1. When you are done with all of the above, the next step is to instantiate the PKI directory. This will be done using the following commands. 
$ cd ~/newdirectory
$ ./easyrsa init-pki
Certificate of Authority on Ubuntu

Now you have a directory containing all the configuration files, you will need to create a Certificate Authority. We move on to the next step of how to create a Certificate of Authority on Ubuntu 20.04.

Step 3: Creating a Certificate Authority.

In this step, you will learn how to create issuable Certificate Authorities. 

  1. First, you must make a “vars” file in the new PKI directory. After making it, you will populate it with default values. You will do this using the following command. 
$ cd ~/newdirectory 
$ nano vars
Certificate of Authority on Ubuntu
  1. You can use any text editor instead of nano to create and save the “vars” file. 
  2. Once you open the vars file, you must fill it with the default values. You can use the below-given template and fill in the values according to your needs. 
set_var EASYRSA_REQ_COUNTRY    "xyz"
set_var EASYRSA_REQ_PROVINCE   "xyz"
set_var EASYRSA_REQ_CITY       "xyz"
set_var EASYRSA_REQ_ORG        "xyz"
set_var EASYRSA_REQ_EMAIL      "xyz"
set_var EASYRSA_REQ_OU         "xyz"
set_var EASYRSA_ALGO           "xyz"
set_var EASYRSA_DIGEST         "xyz"

After doing this, save the file. Now you can create your CAs.

  1. To create your CA, run the following command:
$ ./easyrsa build-ca
Certificate of Authority on Ubuntu

When you run this command, you will see a few lines regarding the OpenSSL version.

  1. You should receive a request to enter a password to access the new CA you are building. After this, you will need to confirm the Common Name to create the CA. The CN is used to name the system that is using the CA. The software also suggests its own CN. It’s your choice which CN you want to keep.  

When you are done with the password and the CN, there are two files created. These two files are “~/newdirectory/pki/ca.crt” and “~/newdirectory/pki/private/ca.key”.

  • The “ca.crt” file is the public CA file. Every user and computer that want to be part of your private setup should have a copy of this file. This certificate will make it possible for your group to have a secure connection to you and your setup.
  • The “ca.key” file is a private file that preferably needs to stay in your system only. This file is used to certify and accept the CA requests made by other servers and users. 

With this, you now know how to create a private Certificate Authority on your Ubuntu system. 

While going through step 2, you will use the $chmod command to restrict access to the new PKI directory.  $chmod command is used to set the read, write and execute permission of any file or directory present on a Linux system. 

You need to be careful while dealing with the “ca.key”. If anyone gets their hands on this file, you will have to destroy the related CA. While signing different requests, it is also advised to stay offline so that your file isn’t stolen.  

This was a guide on how to create a Certificate of Authority on Ubuntu 20.04. We looked at the different steps you have to take to create a CA. A Certificate Authority is a good way to regulate different users and connections in a private setting.

If there are any further queries, please let us know in the comments below. 

If this guide helped you, please share it😊


Leave a Reply

Your email address will not be published. Required fields are marked *