Hi,
I am going through deploying an instance of boulder for our project's use.
In this project, we are going to be the certificate authority.
I am using the docker test project as a basis.
(I already know it is not a good production config, but I cannot find any other instructions on how to deploy boulder.)
So I have everything running, and boulder is functioning properly against certbot.
But I am obviously getting bogus certificates from “h2ppy h2cker fake CA” that come with the test project. I want to replace them with some self-signed certificates.
I am looking for instructions on how to change the certificates that come with boulder.
I saw that there are many certificates in the boulder project, but a quick search for “h2ppy h2cker” leads me to test-ca.der.
I tried to replace the der file with these commands:
openssl req -x509 -newkey rsa:4096 -keyout test-ca.key -out test-ca.pem -days 36500 -nodes -subj "/CN=myprivatesite.com"
openssl x509 -outform der -in test-ca.pem -out test-ca.der
openssl rsa -inform PEM -in test-ca.key -outform DER -out test-ca.key.der
But I find that the server crashes right after I launch it.
(It does not crash if I don’t change the certificates)
I was wondering what I am doing wrong here. Or even better: if someone could point me to a guide on how I should go about doing this.
PS: This is the error message I get from the boulder container:
boulder_1 | E184728 boulder-ca [AUDIT] Couldn't load private key: Issuer key did not match issuer cert test/test-ca2.pem
boulder_1 | Couldn't load private key: Issuer key did not match issuer cert test/test-ca2.pem
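
The error above reports an issuer key that does not correspond to the issuer certificate named in it (test/test-ca2.pem, not the test-ca files that were regenerated). The following is an added example, not part of the original post and not Boulder's own code: a Go standard-library check that a private key matches a certificate's public key, which can be run over every issuer key/certificate pair before starting the CA. The function names and the throwaway P-256 keys are constructed for illustration; the same comparison works for RSA keys.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// keyMatchesCert: true when the key's public half equals the certificate's public key.
func keyMatchesCert(certDER []byte, key crypto.Signer) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false, err
	}
	pub, ok := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok {
		return false, fmt.Errorf("unsupported key type %T", cert.PublicKey)
	}
	return pub.Equal(key.Public()), nil
}

// newKey returns a throwaway P-256 key (constructed sample data).
func newKey() (crypto.Signer, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// selfSigned issues a constructed self-signed CA certificate (DER) for key.
func selfSigned(key crypto.Signer, cn string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
}

func main() {
	k1, _ := newKey()
	k2, _ := newKey()
	der, _ := selfSigned(k1, "example-ca.invalid")
	fmt.Println(keyMatchesCert(der, k1)) // key the certificate was issued for
	fmt.Println(keyMatchesCert(der, k2)) // unrelated key, as after a partial swap
}
```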