Certificate Authority

This document describes how to build our own certificate authority and how to issue certificates for persons, devices and services acting as clients and servers.

Contents:

• Public vs. Private CA
  • When to use Public CAs?
  • When to use a Private CAs?
• What’s in a CA?
• CA Protection
  • Root and Intermediate CA
  • Secure Work Environment
  • Secure Storage
• Creating the Root CA
  • Directories and Files
  • OpenSSL configuration
  • Generate CSR and new Key
  • Generate CSR from existing Key
  • Show the CSR
  • Self-Signing the Root Certificate
  • Revocation List (CRL)
  • Install As Trusted CA
  • References
• Creating the Intermediate CA
  • Directories and Files
  • OpenSSL configuration
  • Generate CSR and new Key
  • Generate CSR from existing Key
  • Sign the Intermediate with the Root CA
  • Revocation List (CRL)
  • Install and use the Intermediate CA
• CA Website
  • IP Addresses
  • Nginx Configuration
  • Information Page
  • CA Files
• Signing Certificates
  • Sign a Server Certificate Request
  • Sign a Client Device Certificate Request
  • Sign a Personal Certificate Request
• Revoke Certificates
• Certificate Revocation Lists
• OCSP Responder
  • Directories and Files
  • OpenSSL configuration
  • Generate CSR and Key
  • Sign the CSR with the Intermediate CA
  • Install Certificates Index
  • OCSP Service
  • HTTP Proxy
  • References
• x509 Certificate Attributes
  • Distinguished Name
  • Subject Alternative Name
  • Key Usage
  • Summary
• Hardware Security Module
  • Software Installation
  • XCA
  • References