If you want to offer a web service over a secured, encrypted HTTPS connection, you have to find a certificate authority that certifies your key. But why not start your own CA and sign the keys yourself?

OK, not too fast. I am not talking about the yet unknown free alternative to all SSL certificates in the world. SSL certificates are important, and for many services out there it’s essential that well-known authorities sign their keys. In other words, it would not be a good idea if browsers treated all certificates (even those from evil authorities) as secure.

Browsers and other web clients come with a list of certificate authorities which are well known and proven to be secure. When a server sends a certificate which has been issued by an authority not part of this list, the browser warns the user about that – I’m pretty sure you’ve seen such a warning before.

So, when you host a website or service that should be publicly available via HTTPS for many users, you won’t get around one of the big certificate authorities. There are also some things you cannot achieve when running your own CA; for example, you’ll never get a green browser bar for your connection.

But let’s say you run some services for a small group of users, for example the intranet for your business or the personal cloud for your family. In such cases you may have control over all clients and you are able to register an additional certificate authority in their browsers. If that’s the case, you can set up your own CA.

I don’t want to go further into the details of how to set up such an authority because I found a wonderful guide published by Jamie Nguyen. Just click the following link and read on!

https://jamielinux.com/docs/openssl-certificate-authority/
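
To make the trust relationship described above concrete, here is a short added example (not taken from this post or from the linked guide) that uses the `openssl` command line to create a private root CA, sign one server certificate with it, and check that certificate against different trust anchors. The CA names, the host name `intranet.example.test` and the single-level hierarchy with unencrypted keys in a temporary directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Every name here (private, other, intranet.example.test) is constructed.

# make_ca DIR NAME CN: self-signed root certificate, DIR/NAME.key and DIR/NAME.crt
make_ca() {
    cat > "$1/$2.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = $3
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/$2.cnf" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA HOST: key and CSR for HOST, signed by CA as a server certificate
issue_cert() {
    printf '[req]\nprompt = no\ndistinguished_name = dn\n[dn]\nCN = %s\n' "$3" > "$1/$3.cnf"
    printf '%s\n' 'basicConstraints = CA:FALSE' 'extendedKeyUsage = serverAuth' \
        "subjectAltName = DNS:$3" > "$1/$3.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/$3.cnf" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -days 365 -in "$1/$3.csr" -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -extfile "$1/$3.ext" -out "$1/$3.crt" 2>/dev/null
}

# verify_with CAFILE CERT HOST: succeeds only if CERT chains to CAFILE and names HOST
verify_with() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" private "Example Private Root CA" &&
        make_ca "$d" other "Unrelated Root CA" &&
        issue_cert "$d" private intranet.example.test || { rm -rf "$d"; return 1; }
    c="$d/intranet.example.test.crt"
    verify_with "$d/private.crt" "$c" intranet.example.test && echo "own CA trusted: accepted"
    verify_with "$d/other.crt" "$c" intranet.example.test || echo "own CA not in trust list: rejected"
    verify_with "$d/private.crt" "$c" wiki.example.test || echo "name not in certificate: rejected"
    rm -rf "$d"
}
demo
```

Only `private.crt` has to be distributed to the clients you control; `private.key` stays with the CA, because anyone holding it can issue certificates those clients will accept.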
