Don
Setup Your Own Certificate Authority (CA) on Linux and Use it in a Windows Environment
In this previous post, I deployed a test IIS Server and used a self signed SSL Certificate to encrypt the HTTP traffic. I am sure everyone have seen this page in Internet Explorer:
When I clicked “View Certificate”, I saw the following:
We can see that certificate is issued by the same entity as the site-name itself. We can also see that the Root CA is not trusted. Since this is a self-signed Certificate, you are the Root CA in a manner of speaking. My goal is to get rid of that message and to become a “trusted” Certificate Authority (CA) in my local Windows Environment.
Choosing a free Certificate Authority software
If we take a look at this wikipedia page, we will see the following list of available software:
There is actually one more that I ran into, it’s called tinyCA.
Using OpenSSL Commands to Setup a CA
DogTag, EJBCA, and OpenCA were full blown Public-Key Infrastructure (PKI) applications and I didn’t need all of the extra functionally. There are a lot of examples on how to setup your own CA with openssl:
- Be your own Certificate Authority (CA)
- Your own certificate authority
- Be your own CA
- Becoming a X.509 Certificate Authority
I have done that before and when you are managing a lot of different certificates the process is not very scalable. Also, if you don’t keep doing it, you have to re-trace your steps to remember how the setup works. There is also a Perl script that is included to ease the CA setup, that script is called CA.pl. Depending on your Linux distribution you have find the right package that contains that script. Here is where I found it on my Fedora install:
[elatov@klaptop ~]$ yum provides "*/CA.pl*" Loaded plugins: langpacks, presto, refresh-packagekit, remove-with-leaves 1:openssl-perl-1.0.1c-7.fc18.x86_64 : Perl scripts provided with OpenSSL Repo : fedora Matched from: Filename : /etc/pki/tls/misc/CA.pl Filename : /usr/share/man/man1/CA.pl.1ssl.gz
You can check out examples from “Setup your own Certificate Authority” and Becoming a CA Authority on how to use the Perl script; here is a very high level overview:
#Generate CA Certificate CA.pl -newca #Generate a Certificate Signing Request (CSR) CA.pl -newreq #Sign the CSR with your CA key CA.pl -sign
TinyCA
Read More...http://virtuallyhyper.com/2013/04/setup-your-own-certificate-authority-ca-on-linux-and-use-it-in-a-windows-environment/
Certificate Authority (CA)
- Linux Today - How to Run Your Own Certificate Authority
- How to Run Your Own Certificate Authority - eSecurity Planet
- Linux Today - Setup Your Own Certificate Authority (CA) on Linux and Use it in a Windows Environment
- Setup Your Own Certificate Authority (CA) on Linux and Use it in a Windows Environment | VirtuallyHyper
No comments:
Post a Comment