HALLO
• How to become a certification authority
• and How to sign a certificate signing request with my certification authority?
and thank you
HALLO
• How to become a certification authority
• and How to sign a certificate signing request with my certification authority?
and thank you
You can create your own private PKI using something like cfssl, which is a bit easier to use than OpenSSL. cfssl provides all the tools you need to create a CA and sign certificates. However, no browser or other type of reliant party will trust your CA unless they manually add you to their trust stores.
To become a trusted CA you have one of two options:
If you want to do it for a small demo project for how the technology works, OpenSSL might still be a decent choice. It has commands that perform all of the tasks related to requesting and issuing certificates. For practical applications, I think @_az’s suggestion is good.
If you like the ACME technology that Let’s Encrypt uses, you can run the same CA software that Let’s Encrypt does
As @_az explained, your CA won’t be trusted by clients, unless those clients have your CA’s certificate installed. For a personal or organizational CA, that could be OK (you can get all of the devices that are supposed to trust the CA to install its certificates).