MrE

Asked: 2015-09-26 16:34:11 +0800 CST2015-09-26 16:34:11 +0800 CST 2015-09-26 16:34:11 +0800 CST

CA certificates for TLS authentication

Using CoreOS and securing the different components requires TLS.

There's etcd, docker, and other services that need CA to sign certs. Is it OK to use the same CA cert to sign the different certs for all the services, or should I really create a CA for each service?

I know this is subjective and I may get lots of 'opinions', but is there really any good reason to create several CAs?

1 Answers

Voted

Best Answer

EEAA
2015-09-26T17:21:06+08:002015-09-26T17:21:06+08:00
Do not create a CA for each service. The idea is to have one single CA, whose CA cert is imported into each of your systems' trusted CA list. That way, you can sign all of your certs using that CA and they will be trusted.
2

CA certificates for TLS authentication

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?