SSL Certificate Server
Is it possible to implement a certificate server using Linux distro like RedHat or SUSE? If so what components need to be installed?
I currently have a Windows Certificate server but because I'm moving to a another domain have to decommission this server. The new domain does not have a Certificate server in place, so I was wondering if it is possible to implement a CA in Linux and generate SSL certificates.
Thanks in advance for your response.
I can give you the simple model. It will not allow users to reject or recreate certs online, but it will allow you to create/sign certs. I use it for internal sites that I don't need to verify authenticity with an outside source, because, well... I trust my own certs. :-)
1) First, create the CA...
# cd /usr/share/ssl/misc/
# ./CA -newca
(do not use anything but letters and numbers in ANY field)
(ie, do not use "Chiton, Inc.", but use "Chiton Inc")
2) Now, configure the CA...
# vi /usr/share/ssl/openssl.cnf
(change the 365 day timeout to whatever you like, and adjust the defaults to make your life easier...)
3) Now, create the cert on the webserver..
IIS, go to the website and click directory security.
(the information must match that of the CA entered above.)
4) Sign the request...
# openssl ca -in https.somewhere.com.req -out https.somewhere.com.cer
Import the Cert into the webserver, and voila your done.
I'll try to find an old thawte document and post it, too.
blah, blah...there is no warranty. These instructions will probably cause irreparable damage to your data, possibly warping the physical disk, causing it to explode into mutliple flying platters of death. It could also be responsible for global warming, floods, and/or another ice age. Use at your own risk.
This is the thawte certificate pdf. It must be on their site somewhere, but I didn't see it in google. Anyhow... I didn't read anything that seemed to indicate that I can't post it in this forum.
all the best.