How to set up my own full-featured certificate authority?
772
I'd like to set up a certificate authority, which I can then import to all the company's browsers and systems to get rid of all those nasty client warnings when using HTTPS or SSL.
I recommend using OpenCA and here is the install guide. This is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. I have personally used OpenCA and it is what you want.
You can use TinyCA, a graphical front-end for OpenSSL that lets you manage the tasks of a certificate authority.
Beware that the TinyCA website seems hard to reach at times.
I recommend using OpenCA and here is the install guide. This is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. I have personally used OpenCA and it is what you want.
If you really like RedHat and Java then you might want to go with RedHat Certificate System.
Have a look at this: http://novosial.org/openssl/ca/
And for the entire work flow: http://novosial.org/openssl/
You can craft your own certificates with
opensslcommand line tool.It is possible to generate the
rootcertificate, hence the (sub-)certificates you need.You can use the following tool, simplifying the whole process: https://github.com/auino/your-own-ssl-certificate-authority