Certification authority


#1

Hello

• How to become a certification authority
• and how to sign a certificate signing request with my certification authority?
And thank you


#2

You can create your own private PKI using something like cfssl, which is a bit easier to use than OpenSSL. cfssl provides all the tools you need to create a CA and sign certificates. However, no browser or other type of reliant party will trust your CA unless they manually add you to their trust stores.

To become a trusted CA you have one of two options:

  • You can pay $x00,000s of dollars to an existing CA to become a subordinate CA, or
  • You can start your own CA and apply to root programs to be trusted, but this can cost up to a million dollars or more over a few years, including staff, infrastructure and time.

#3

If you want to do it for a small demo project for how the technology works, OpenSSL might still be a decent choice. It has commands that perform all of the tasks related to requesting and issuing certificates. For practical applications, I think @_az’s suggestion is good.

If you like the ACME technology that Let’s Encrypt uses, you can run the same CA software that Let’s Encrypt does.

As @_az explained, your CA won’t be trusted by clients, unless those clients have your CA’s certificate installed. For a personal or organizational CA, that could be OK (you can get all of the devices that are supposed to trust the CA to install its certificates).
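The OpenSSL route for a small demo, as an added example that is not part of any reply in this thread: it creates a self-signed root, generates a key and CSR on the requester side, signs the CSR with the CA, and verifies the chain. The subject names, file names, lifetimes and the `app.example.test` hostname are constructed for illustration.

```shell
#!/bin/sh
# Added example: demo-only private CA. Names, paths and lifetimes are constructed.
set -eu
umask 077   # private keys must not be readable by other users

write_cnf() {  # $1 = workdir, $2 = DNS name for the leaf certificate
    cat > "$1/demo.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder-overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

make_ca() {  # self-signed root: this certificate is what clients must install
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/demo.cnf" -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_csr() {  # requester side: the key stays with the requester, only the CSR is sent
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$1/demo.cnf" -subj "/CN=$2" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
}

sign_csr() {  # CA side: extensions come from the CA's own file, not from the CSR
    openssl x509 -req -in "$1/leaf.csr" -sha256 -days 90 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/demo.cnf" -extensions v3_leaf \
        -out "$1/leaf.crt" 2>/dev/null
}

demo() {  # prints "<dir>/leaf.crt: OK" when the chain validates
    write_cnf "$1" "$2"; make_ca "$1"; make_csr "$1" "$2"; sign_csr "$1"
    openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt"
}

demo "$(mktemp -d)" app.example.test
```

The leaf is issued with `CA:FALSE` and a short lifetime so that it cannot itself sign further certificates, and `ca.key` is the one file whose disclosure would let anyone issue certificates your clients accept.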

