How to set up my own full-featured certificate authority?

Question

I'd like to set up a certificate authority, which I can then import to all the company's browsers and systems to get rid of all those nasty client warnings when using HTTPS or SSL.

score 9 · Accepted Answer · edited Jan 19 '14 at 11:19

9

You can use TinyCA, a graphical front-end for OpenSSL that lets you manage the tasks of a certificate authority.

Beware that the TinyCA website seems hard to reach at times.

edited Jan 19 '14 at 11:19

ssc

1,189

answered Jul 14 '10 at 07:25

chmeee

7,548

score 6 · Answer 2 · answered Jul 14 '10 at 06:45

I recommend using OpenCA and here is the install guide. This is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. I have personally used OpenCA and it is what you want.

If you really like RedHat and Java then you might want to go with RedHat Certificate System.

score 2 · Answer 3 · edited Jun 13 '12 at 02:02

2

Have a look at this: http://novosial.org/openssl/ca/

And for the entire work flow: http://novosial.org/openssl/

edited Jun 13 '12 at 02:02

user1204270

195

answered Jul 14 '10 at 05:42

Niels Basjes

2,226

score 0 · Answer 4 · answered Jan 16 '17 at 16:40

You can craft your own certificates with openssl command line tool.

It is possible to generate the root certificate, hence the (sub-)certificates you need.

You can use the following tool, simplifying the whole process: https://github.com/auino/your-own-ssl-certificate-authority

How to set up my own full-featured certificate authority?

4 Answers4

Linked