Setting up a certificate authority

1125349392000

Having had yet another run in with Apache SSL (mod_ssl) and being very disapointed with the service of Thawte, I decided to have a go at setting up a certificate authority.

Setting up a CA doesn't really serve any purpose because no one is going to bother to install my cacert into their browser but here isn't always a purpose to everything that a geek does. Besides a friend of mine, a cryptograpy specialist had thrown me challenge to set one up (this is a separate development).

As usual being Fedora user I was at a disadvantage. The openssl installation on the system by Red Face does not include the CA.pl (or CA.sh) script. And it does not include the sign.sh script. Not having these scripts means you need to do a hell of a lot of typing. Fortunately, I could dig up a copy of sign.sh with a little googling and decided to make do with out CA.pl

Even without CA.pl creating a root certicate is straight forward and howto do so is well documented in the apache SSL guide. So I should be signing off now but as often happens what works on the local server does not work on the production server. When ever the https url is accessed all you see is that famous message:

comments powered by Disqus