i am who i be’s
I set up my own certificate authority a few days ago. This is not something most people have a need to do, but it’s pretty handy if you end up setting up lots of development sites on new IPs and whatnot, or if you’re deploying services that aren’t going to be used by the general public but still need SSL authentication. Having your own CA means you can properly set up SSL for these kinds of resources without having to pay your CA of choice for a real certificate. If you find yourself creating a lot of self-signed certificates, having a CA also means it’s easier to get your client base to trust your certificates: typically, depending on which Google hit you click on, your average self-signed certificate is signed in a sort of one-time-use way. If you have your own CA, then all your self-issued certificates are signed by the CA - so you can install the CA’s root certificate into your OS’s or app’s certificate repository and be done with it.
For this, I mostly used the instructions from G-Loaded verbatim - I changed some paths to work with my environment. The scripts below are new, though.
(This is a pretty long post.) (more…)