OpenSSL and OCSP Certificate Creation

#make Root certificate

#Be in this directory to make the certificates and keys and etc.....

/path/to/openssl


#Generate des3 key for creating request.
openssl genrsa -des3 -out rootCa/private/rootcakey.pem 2048 -config openssl.cnf

#Generate a new request for signing the certificate.
openssl req -new -x509 -days 365000 -key rootCa/private/rootcakey.pem -out rootCa/private/rootcacert.pem -config openssl.cnf

#Dont know what it is required for will update later.
cp rootCa/private/rootcacert.pem rootCa/certs/00.pem

#make a backup of the rootca certificate for easier configuration.
cp rootCa/private/rootcacert.pem rootCa/

#dont know what this could be used for.
cd /usr/share/ssl/rootCa/certs

ln -s 00.pem `openssl x509 -hash -noout -in 00.pem`.0

===============================================

#Make cert

#Generate key
openssl genrsa -out ocsp/key.pem 1024
#Generate a new request
openssl req -new -key ocsp/key.pem -out ocsp/req.pem -config openssl.cnf
#Generate a certificate and sign with the root certificate.
openssl ca -name ocsp_server -keyfile rootCa/private/rootcakey.pem -in ocsp/req.pem -out ocsp/cert.pem -outdir rootCa/certs -config openssl.cnf

===============================================
#create crl
openssl ca -gencrl -config openssl.cnf -crldays 36500 -crlhours 24000 -out rootCa/crl/crl.pem

===============================================
#Check Response
openssl ocsp -host 192.168.2.40:2560 -issuer /usr/share/ssl/rootCa/rootcacert.pem -VAfile /usr/share/ssl/ocsp/cert.pem -serial 16