Create a Certificate Authority
A Certificate Authority (CA) is a trusted entity that issues digital certificates. To establish this trust, the CA itself must have a certificate. This certificate is typically self-signed, meaning the CA signs its own certificate. The self-signed certificate serves as the root of trust for all certificates issued by the CA. Without it, the CA would not be able to validate the authenticity of the certificates it issues, and the entire chain of trust would be broken. Creating a self-signed certificate for the CA is therefore a crucial first step in setting up a Public Key Infrastructure (PKI).
Prerequisites
- TeskaLabs SeaCat PKI up and running in a default setup (SoftHSMv2 configured for an active tenant).
- Access to the Web User Interface.
Steps
- Navigate to the "Certificates" > "Create a certificate" screen.
- Fill in the form:
  - Select the "Create a Self-Signed Certificate" option on the "Source" tab.
  - Select the "Generate a new private key" option in the "Private Key" dropdown.
  - Type a label for the private key, e.g. "My CA Private Key".
  - Select "SoftHSM" in the "Private Key Provider" dropdown; the private key will be generated in the HSM.
  - Select "MySoftHSMToken" in the "PKCS#11 Token" dropdown.
  - Select "RSA" in the "Key Type" dropdown.
  - Select "4096" in the "Key Size" dropdown.
  - Select "Certificate Authority" in the "Apply template" dropdown.
  - Fill in the label of the CA on the "General" tab, e.g. "My CA".
  - Prolong the validity of the CA certificate in "Valid to"; 10 years is a good default.
  - Fill in a Common Name for the CA on the "Subject" tab, e.g. "My CA". Feel free to add more fields to the subject.
  - Click the "Create" button to create the certificate.
  You can also modify other certificate attributes according to your specific needs.
- Review the created CA certificate.
Congratulations! You have created a CA certificate.
You can download the CA certificate using a "Download" icon at the top right corner of the card.
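A quick check of the downloaded file, as an added example that is not part of SeaCat PKI or the original page: it uses the `openssl` command line to confirm that the certificate is self-signed, is marked as a CA, carries the RSA 4096 key chosen in the form, and has not expired. It assumes the download is PEM-encoded and that the "Certificate Authority" template sets basicConstraints CA:TRUE; `check_ca_cert` and `make_sample_ca` are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of SeaCat PKI. Assumes the download is a PEM file.

check_ca_cert() {
    cert=$1; rc=0
    # Decode once; stop if the file is not a readable PEM certificate.
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "FAIL: $cert is not a readable PEM certificate"; return 2; }
    # Self-signed root: chain to itself and check its own signature.
    if openssl verify -check_ss_sig -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "ok:   self-signed, signature verifies"
    else
        echo "FAIL: not a verifiable self-signed certificate"; rc=1
    fi
    # basicConstraints must mark it as a CA (assumed to be set by the template).
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        echo "ok:   basicConstraints CA:TRUE"
    else
        echo "FAIL: basicConstraints CA:TRUE missing"; rc=1
    fi
    # Key type and size chosen in the form: RSA, 4096 bits.
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' &&
       printf '%s\n' "$text" | grep -q 'Public-Key: (4096 bit)'; then
        echo "ok:   RSA 4096-bit key"
    else
        echo "FAIL: key is not RSA 4096"; rc=1
    fi
    # Must not be expired; print the end date to compare with "Valid to".
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok:   $(openssl x509 -in "$cert" -noout -enddate)"
    else
        echo "FAIL: certificate has expired"; rc=1
    fi
    # SHA-256 fingerprint, for out-of-band comparison before distribution.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
    return "$rc"
}

# Constructed sample for a dry run: throwaway self-signed CA, $1=path $2=bits.
make_sample_ca() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' \
        'prompt=no' '[dn]' 'CN=My CA' '[ca]' \
        'basicConstraints=critical,CA:TRUE' > "$1.cnf"
    openssl req -x509 -newkey "rsa:$2" -nodes -days 3650 -config "$1.cnf" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Source the file and run `check_ca_cert my-ca.pem` (a placeholder file name) on the downloaded certificate; the function returns 0 only when every check passes.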
Now you can create a certificate for a user or a device.