Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Working with Certificates

Creating a CA Chain using OpenSSL and Uploading on the CipherTrust Manager

search

Please Note:

printsuggest an edit

Creating a CA Chain using OpenSSL and Uploading on the CipherTrust Manager

  1. Create Root CA (Self Signed).

    openssl req -x509 -newkey rsa:4096 -keyout root_key -out root_ca.crt -days 365

    Note

    Provide different Common Names for all the CAs in the chain.

  2. Create Intermediate CA1.

    openssl req -out inter1_req -newkey rsa:1024 -keyout inter1_key

  3. Sign Intermediate CA1 from Root CA.

    openssl x509 -req -in inter1_req -CAkey root_key -CA root_ca.crt -days 100 -CAcreateserial -out inter1_ca.crt

  4. Create Intermediate CA2.

    openssl req -out inter2_req -newkey rsa:1024 -keyout inter2_key

  5. Sign Intermediate CA2 from Intermediate CA1.

    openssl x509 -req -in inter2_req -CAkey inter1_key -CA inter1_ca.crt -days 100 -CAcreateserial -out inter2_ca.crt

  6. Create Intermediate CA3.

    openssl req -out inter3_req -newkey rsa:1024 -keyout inter3_key

  7. Sign Intermediate CA3 from Intermediate CA2.

    openssl x509 -req -in inter3_req -CAkey inter2_key -CA inter2_ca.crt -days 100 -CAcreateserial -out inter3_ca.crt

  8. To create a chain of CAs, concatenate data of all the above created CAs in a file and name it All_certs.crt.

copy link to clipboardUploading Certificates on the CipherTrust Manager

  1. Go to Device CAs & SSL Certificates >> Known CAs.

  2. Upload all the above created certificates one by one (that is, root_ca and all intermediate CAs), in the order of their creation.

  3. Upload the certificate chain All_certs.crt.

On this page