Saturday, June 8, 2019

Creating a Server Certificate, using XCA

There are scenarios that require you to implement your own private Certificate Authority (CA), such as VPNs, internal web servers, or client authentication to web servers.

This is the third article in a four-part series that explains how to generate a Root Certificate, Client Certificates, and Server Certificates for authentication. In this article, you will learn how to use a tool called XCA to create the Server Certificate, signed using an Intermediate Root Certificate that was created earlier in this series.

Assumptions

  • Download XCA from http://sourceforge.net/projects/xca/
  • Install XCA (Admin Privilege Required)
  • Create a Root Certificate, using XCA
  • Create an Intermediary Certificate, signed with the Root Certificate


Create a Server Certificate

1. Click File->Open Database
2. Select the database file (.xdb)
3. Click the Open button
4. Go to the “Certificate Signing Requests” tab
5. Click “New Request”


6. Select “CompanyName” from the Templates for certificates, and click “Apply Subject”


7. Go to the “Subject” tab
8. Update the Internal Name and Common Name with “MyServerName”, or a name of your choice


9. Click the “Generate a new key” button
10. Update the name with “MyServerName” or a name of your choice, and select a key size of 2048 bits.


11. Click OK.


12. Go to the “Extensions” tab
13. Update the Subject Alternative Name, with “DNS: myservice.yourdomain.com”
14. Set Time Range to 1 year


15. Go to the “Key Usage” tab
16. Select the following from the left panel titled “Key Usage”: Digital Signature, Key Agreement, Certificate Sign


17. Go to the Advanced tab, and verify the information


18. Click OK


19. Right-click the new certificate request in the list of “Certificate Signing Requests”
20. Select the “Sign” option from the drop down menu


21. Change the Signing option to “Use this certificate for signing”, and select “Intermediate Server CA”
22. Change the template for new certificates to “Company Name”, and click “Apply Subject”


23. Go to the “Extensions” tab
24. Set the Time Range to 3 years


25. Go to the “Advanced” tab, and verify the information.

26. Click OK

27. The new certificate will appear in the Certificates tab, below the Intermediary certificate



Congratulations!

You have created your first Server Certificate, from a private CA.
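
To check the result outside the GUI, the following added example (not part of the original article and not XCA's own code) reproduces the request and signing steps with the openssl command line on a throwaway CA chain, then verifies the chain, the Subject Alternative Name, the key size and the 3-year validity. The CA subject names, file names and temporary directory are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: the GUI steps reproduced with openssl on a throwaway CA.
# CA names, file names and the temp directory are constructed for this demo.
set -e
DIR=$(mktemp -d); trap 'rm -rf "$DIR"' EXIT
HOST="myservice.yourdomain.com"   # SAN value from step 13

mkreq() {  # mkreq <file-stem> <common-name>: 2048-bit key + CSR (steps 5-18)
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

build_chain() (
  cd "$DIR"
  cat > ca.cnf <<EOF
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
subjectAltName = DNS:$HOST
keyUsage = digitalSignature,keyAgreement,keyCertSign
EOF
  mkreq root "Demo Root CA"               # stand-in for the series' Root CA
  openssl x509 -req -in root.csr -signkey root.key -days 3650 \
    -extfile ca.cnf -extensions ca -out root.crt 2>/dev/null
  mkreq int "Intermediate Server CA"      # stand-in for the Intermediate CA
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 1825 -extfile ca.cnf -extensions ca -out int.crt 2>/dev/null
  mkreq server "MyServerName"
  # Steps 19-26: sign with the intermediate; [server] holds steps 13 and 16.
  openssl x509 -req -in server.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -days 1095 -extfile ca.cnf -extensions server -out server.crt 2>/dev/null
)

check_server_cert() (  # check_server_cert <dns-name>: 0 only if all checks pass
  cd "$DIR"
  openssl verify -CAfile root.crt -untrusted int.crt server.crt >/dev/null &&
  openssl x509 -in server.crt -noout -checkhost "$1" | grep -q "does match" &&
  openssl x509 -in server.crt -noout -text | grep -q "Public-Key: (2048 bit)" &&
  openssl x509 -in server.crt -noout -checkend $((1094 * 86400)) >/dev/null
)

build_chain
check_server_cert "$HOST" && echo "server certificate OK for $HOST"
```

The `[server]` key usage line carries over the step 16 selections unchanged. RFC 5280 reserves Certificate Sign for CA certificates, so the check uses OpenSSL's default validation rather than `-x509_strict`.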


See all the articles in this series:

  1. Create a Root Certificate
  2. Create a Client Certificate
  3. Create a Server Certificate
  4. Export a Client Certificate