I want to start making client certifications to secure some internal services. These are some web services and an internal Jabber server.
And if the process is easy enough maybe make certificates for the authorized clients.
Update: I'm looking for an AIX or Windows Server 2008 solution.
If you have OpenSSL, you can use my handy guide.
The first thing you need to do is make sure the Certificate Services component of Windows Server is installed. This allows creation of certificates for servers. I believe one server has to be the certificate authority.
Start->Add/Remove Programs->Add/Remove Windows Components->Check Certificate Services
First start with a root authority.
Then once this is installed, you can make certificates for individual servers.
Start->Administrative Tools->Internet Information Services (IIS) Manager. Right-click a website and click Properties. Directory Services Tab->Secure Communications
Once that is done, you need to use the Root CA to accept the certificate request.
Go to http://server/certsrv, where you can have the certificate accepted by the Root CA.
If you really are a masochist and want to run your own CA, you can use:
OpenCA. This can be run inside JBoss/Tomcat; you can get it from openca.org
OpenSSL also comes with its own CA capability. Search for openssl + ca
There is a Python CA available at pyca.de
Says on the bottom of the page that this is no longer actively maintained.
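The OpenSSL route mentioned above, sketched as an added example that is not part of any post on this page: a private root CA that issues one server and one client certificate, with a purpose check against the CA. The CA name, host name, user name and function names are constructed for illustration.

```shell
# Added example; the CA, host and user names used here are constructed.

# make_root_ca DIR: self-signed root CA (ca.key, ca.crt) valid for 10 years.
make_root_ca() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # -nodes keeps the key unencrypted for unattended runs; omit it to set a passphrase.
    ( umask 077
      openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
          -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" ) 2>/dev/null
}

# issue_cert DIR NAME server|client: key, CSR and CA-signed certificate for NAME.
issue_cert() {
    dir=$1 name=$2 kind=$3
    case $kind in
        server) ext="extendedKeyUsage = serverAuth
subjectAltName = DNS:$name" ;;
        client) ext="extendedKeyUsage = clientAuth" ;;
        *) echo "kind must be server or client" >&2; return 2 ;;
    esac
    printf '%s\n' "basicConstraints = critical, CA:FALSE" \
        "keyUsage = critical, digitalSignature, keyEncipherment" "$ext" \
        > "$dir/$name.ext"
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
          -subj "/CN=$name" -keyout "$dir/$name.key" -out "$dir/$name.csr" &&
      openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
          -CAcreateserial -sha256 -days 365 -extfile "$dir/$name.ext" \
          -out "$dir/$name.crt" ) 2>/dev/null
}

# cert_ok DIR NAME sslserver|sslclient: chain and purpose check against the CA.
cert_ok() {
    out=$(openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" 2>&1)
    case $out in *error*) return 1 ;; *": OK"*) return 0 ;; *) return 1 ;; esac
}
```

Only `ca.crt` needs to be imported as a trusted root on servers and clients; `ca.key` stays on the CA host.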
I gave up torturing myself and found that the best way of getting and, more importantly, managing free certs was to use CAcert.org:
http://www.cacert.org/
Sign up and you can create certificates for free. They are the CA and have a root cert you can import into your keystore, so you don't get the annoying questions from the browser, etc. It takes a lot of the pain out of managing your own CA; for example, they send you an e-mail when certs are going to expire.