x.509 certificate authority

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
User avatar
Vegan
Forum Regular
Posts: 557
Joined: Fri Sep 05, 2008 3:34 pm
Location: Victoria, BC

x.509 certificate authority

Post by Vegan »

I was wondering, my Linux VM has to earn its keep. So now Google wants world+dog all using TLS 1.2 security I figure why not make my VM do something useful.

so instead of www, i figure ca.hardcoregames.biz could act as a certificate authority

found one manual with some ideas

https://networklessons.com/uncategorize ... tu-server/

any suggestions, references or packages?
Hardcore Games™ Legendary is the Only Way to Play™
User avatar
Christopher
Site Administrator
Posts: 13595
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: x.509 certificate authority

Post by Christopher »

Like that link demonstrates, generating keys, etc. is all Open SSL, and then NTP of you want to run your own nameserver. Not sure why you want to do that given that certificates can be gotten for free these days.
(#10850)
User avatar
Vegan
Forum Regular
Posts: 557
Joined: Fri Sep 05, 2008 3:34 pm
Location: Victoria, BC

Re: x.509 certificate authority

Post by Vegan »

I was looking at mechanizing certificates for a portfolio of websites which need certificates

It seems to be overkill needing a certificate for say a recipe site etc, do not see why Google is so arrogant about it
Hardcore Games™ Legendary is the Only Way to Play™
User avatar
Christopher
Site Administrator
Posts: 13595
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: x.509 certificate authority

Post by Christopher »

Vegan wrote:I was looking at mechanizing certificates for a portfolio of websites which need certificates
They won't be accepted by browsers, but they can work if the users understand that they are still encrypted and allow the browser exception.
Vegan wrote:It seems to be overkill needing a certificate for say a recipe site etc, do not see why Google is so arrogant about it
Not arrogant, just trying to encourage the simplest rule that eliminates common mistakes not encrypting pages that should be.
(#10850)
User avatar
Vegan
Forum Regular
Posts: 557
Joined: Fri Sep 05, 2008 3:34 pm
Location: Victoria, BC

Re: x.509 certificate authority

Post by Vegan »

All I know is that I have now created the basics for a CA but I am still trying to put the rest of the components together

my private certificate is set for 10 years so i can ignore that for a while
Hardcore Games™ Legendary is the Only Way to Play™
Post Reply