OpenSSL Certificate Authority: Difference between revisions
imported>Jawadmin No edit summary |
imported>Jawadmin No edit summary |
||
| Line 1: | Line 1: | ||
<hr><p style="text align:left;"> | |||
Previous | |||
<span style="float:right;"> | |||
Next [[Create the root pair]] | |||
</span></p><hr> | |||
This guide demonstrates how to act as your own certificate authority (CA) using the OpenSSL command-line tools. This is useful in a number of situations, such as issuing server certificates to secure an intranet website, or for issuing certificates to clients to allow them to authenticate to a server. | This guide demonstrates how to act as your own certificate authority (CA) using the OpenSSL command-line tools. This is useful in a number of situations, such as issuing server certificates to secure an intranet website, or for issuing certificates to clients to allow them to authenticate to a server. | ||
Introduction | '''Introduction''' | ||
OpenSSL is a free and open-source cryptographic library that provides several command-line tools for handling digital certificates. Some of these tools can be used to act as a certificate authority. | OpenSSL is a free and open-source cryptographic library that provides several command-line tools for handling digital certificates. Some of these tools can be used to act as a certificate authority. | ||
| Line 15: | Line 21: | ||
* [[Online Certificate Status Protocol]] | * [[Online Certificate Status Protocol]] | ||
* [[Appendices]] | * [[Appendices]] | ||
<hr><p style="text align:left;"> | |||
Previous | |||
<span style="float:right;"> | |||
Next [[Create the root pair]] | |||
</span></p> | |||
Revision as of 14:57, 23 December 2018
Previous Next Create the root pair
This guide demonstrates how to act as your own certificate authority (CA) using the OpenSSL command-line tools. This is useful in a number of situations, such as issuing server certificates to secure an intranet website, or for issuing certificates to clients to allow them to authenticate to a server.
Introduction
OpenSSL is a free and open-source cryptographic library that provides several command-line tools for handling digital certificates. Some of these tools can be used to act as a certificate authority.
A certificate authority (CA) is an entity that signs digital certificates. Many websites need to let their customers know that the connection is secure, so they pay an internationally trusted CA (eg, VeriSign, DigiCert) to sign a certificate for their domain.
In some cases it may make more sense to act as your own CA, rather than paying a CA like DigiCert. Common cases include securing an intranet website, or for issuing certificates to clients to allow them to authenticate to a server (eg, Apache, OpenVPN).
- Create the root pair
- Create the intermediate pair
- Sign server and client certificates
- Certificate revocation lists
- Online Certificate Status Protocol
- Appendices
Previous Next Create the root pair