How to set up boulder with my own certificate


I am going through deploying an instance of boulder for our project's use.
In this project, we are going to be the certificate authority.
I am using the docker test project as a basis.

(I already know it is not a good production config, but I cannot find any other instructions on how to deploy boulder.)

So I have everything running, and boulder is functioning properly against certbot.

But I am obviously getting bogus certificates from “h2ppy h2cker fake CA” that come with the test project. I want to replace them with some self-signed certificates.

I am looking for instructions on how to change the certificates that come with boulder.

I saw that there are many certificates in the boulder project, but a quick search for “h2ppy h2cker” leads me to test-ca.der.

I try to replace the der file with these commands:

openssl req -x509 -newkey rsa:4096 -keyout test-ca.key -out test-ca.pem -days 36500 -nodes -subj "/"
openssl x509 -outform der -in test-ca.pem -out test-ca.der
openssl rsa -inform PEM -in test-ca.key -outform DER -out test-ca.key.der

But I find that the server crashes right after I launch it.
(It does not crash if I don’t change the certificates)

I was wondering what I am doing wrong here. Or even better: if someone could point me to a guide on how I should go about doing this.

PS: This is the error message I get from the boulder container:

boulder_1    | E184728 boulder-ca [AUDIT] Couldn't load private key: Issuer key did not match issuer cert test/test-ca2.pem
boulder_1    | Couldn't load private key: Issuer key did not match issuer cert test/test-ca2.pem


PS: Made a small edit to the script, I posted the wrong command and error message.
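
The error above reports that the issuer key does not match the issuer certificate. The following is an added example, not part of the original post and not boulder's own code: a shell check that compares the public key inside a certificate with the one derived from a private key, accepting PEM or DER input. The function names and the sample files it generates are constructed for illustration, and keys are assumed to be unencrypted (as produced with -nodes).

```shell
#!/bin/sh
# Added example: verify that a CA private key belongs to a CA certificate
# by comparing the public key found in each file.

# Print a certificate's public key as PEM; tries PEM input first, then DER.
cert_pubkey() {
    openssl x509 -in "$1" -inform PEM -noout -pubkey 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -noout -pubkey 2>/dev/null
}

# Print the public half of an unencrypted private key as PEM (PEM, then DER).
key_pubkey() {
    openssl pkey -in "$1" -inform PEM -pubout 2>/dev/null ||
        openssl pkey -in "$1" -inform DER -pubout 2>/dev/null
}

# Usage: key_matches_cert CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: two unrelated self-signed CAs in a temp directory.
# RSA 2048 keeps the run fast; file names and subjects are made up.
make_samples() {
    dir=$(mktemp -d) || return 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample $n" \
            -keyout "$dir/$n.key" -out "$dir/$n.pem" 2>/dev/null || return 1
        openssl x509 -in "$dir/$n.pem" -outform DER -out "$dir/$n.der" || return 1
        openssl pkey -in "$dir/$n.key" -outform DER -out "$dir/$n.key.der" || return 1
    done
    echo "$dir"
}

# With CERT and KEY arguments, check those files; with none, run the samples.
if [ "$#" -eq 2 ]; then
    key_matches_cert "$1" "$2"; echo "exit status: $?"
else
    d=$(make_samples) && {
        key_matches_cert "$d/a.der" "$d/a.key.der"; echo "a.der + a.key.der: $?"
        key_matches_cert "$d/a.der" "$d/b.key.der"; echo "a.der + b.key.der: $?"
        rm -rf "$d"
    }
fi
```

An exit status of 1 for a given certificate and key pair means the two files hold different public keys, so every certificate and key file the service loads has to be replaced as a pair.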

