# Certificates for ER6
# Summary
CloudFlare's CFSSL project was used to generate a certificate authority, intermediate certificate, and host certificate for scenarios A, B and the protections range to emulate a validly issued TLS certificate.
# Example Creation
# Certificate Authority
The following provides an example of how to generate the CA, intermediate CA, and host certificate using CFSSL. A full explanation of CFSSL can be found on the project GitHub page.
- Update `ca.json`, `intermediate-ca.json`, and `host1.json` as appropriate to reflect the new certificate authority, certificate authority intermediate certificate, and host certificate for the web host.
- The `cfssl.json` provided has the needed roles predefined, but may need to be modified based on your particular needs.
- Run the following commands to generate the CA certificate and the intermediate issuing certificate:

```bash
cfssl gencert -initca ca.json | cfssljson -bare ca
cfssl gencert -initca intermediate-ca.json | cfssljson -bare intermediate_ca
cfssl sign -ca ca.pem -ca-key ca-key.pem -config cfssl.json -profile intermediate_ca intermediate_ca.csr | cfssljson -bare intermediate_ca
```
# Host Certificate
Run the following command:

```bash
cfssl gencert -ca intermediate_ca.pem -ca-key intermediate_ca-key.pem -config cfssl.json -profile=server host1.json | cfssljson -bare host-1-server
```
Jobs done.
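To confirm that the files produced by the commands above form the intended root, intermediate, and host chain, the following check can be run in the output directory. It is an added example, not part of the original page or the project; the function name `check_chain` is hypothetical, `openssl` is assumed to be installed, and the `server` profile is assumed to grant the server auth usage.

```bash
#!/bin/sh
# Added example, not part of the original page. File names are the -bare
# prefixes used in the cfssl commands above; openssl is assumed to be installed.

# check_chain ROOT INTERMEDIATE HOST: returns 0 only if every check passes.
check_chain() {
  # 1. The intermediate must be issued by the root. If the `cfssl sign` step was
  #    skipped, intermediate_ca.pem is still the self-signed output of -initca.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
    { echo "FAIL: $2 is not issued by $1"; return 1; }

  # 2. The intermediate must be marked as a CA, or clients reject what it signs.
  openssl x509 -in "$2" -noout -text | grep -q 'CA:TRUE' ||
    { echo "FAIL: $2 lacks CA:TRUE"; return 1; }

  # 3. The host certificate must chain host -> intermediate -> root.
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1 ||
    { echo "FAIL: $3 does not chain to $1 via $2"; return 1; }

  # 4. The host certificate must be a TLS server leaf, not a CA.
  #    Assumption: the `server` profile includes the server auth usage.
  if openssl x509 -in "$3" -noout -text | grep -q 'CA:TRUE'; then
    echo "FAIL: $3 is a CA certificate"; return 1
  fi
  openssl x509 -in "$3" -noout -text | grep -q 'TLS Web Server Authentication' ||
    { echo "FAIL: $3 lacks the serverAuth extended key usage"; return 1; }

  echo "OK: $3 -> $2 -> $1"
}

# Run against this page's output files when they are in the current directory.
if [ -f ca.pem ] && [ -f intermediate_ca.pem ] && [ -f host-1-server.pem ]; then
  check_chain ca.pem intermediate_ca.pem host-1-server.pem
fi
```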
# File Structure Breakdown
The `cfssl.json` file used to configure all the certs with the predefined roles can be found at the top level of `ansible/files/domain-certs-er6`.
# Configuration and CSR Files
All `.json` and `.csr` files are configuration and certificate signing request files, and are only used during the certificate generation process.
Each domain has its own subdirectory, and within each subdirectory are the following files: