Chapter 2. Become your own Certificate Authority (CA)

Table of Contents

Prerequisites
First Steps
Creating a Certificate Authority
Certificate Caveats
Next Steps
Verify the Certificate
Revoke a Server Certificate
Distribute Your Certificates and CRL

This section describes how to become your own Certificate Authority (CA) and how to create and sign your own certificate requests. Make no mistake: these certificates are good only for your intranet or for use with well-known trading partners, where they provide a secure way to log in to or communicate with your services. They can be used to eliminate the need to transmit passwords and data in the clear. No one outside your company or immediate circle of trading partners should trust these certificates. Even with these caveats, you will still find many situations where self-signed certificates fit the business requirements while saving the company money by not requiring paid-for certificates.

All the software required for these examples is available in OpenSSL. OpenSSL should be installed on the machine you wish to use to manage your certificates or create the certificate requests, and you will need root (administrative) privilege on the server.