Differences
This shows you the differences between two versions of the page.
wiki:tech:certauth [2024/04/25 13:11] – surfrock66 | wiki:tech:certauth [2024/04/30 07:58] (current) – surfrock66 |
---|
For having valid SSL on internal resources (so you don't get a warning in the web browser, and get a nice green check) we have a certificate authority that issues and validates certificates within the network. The local domain we generates certs for is "hda.surfrock66.com." Once you install the root CA certificate (as an administrator) on a device into the trusted root CA store, other CA issued certificates will show up as validated. | For having valid SSL on internal resources (so you don't get a warning in the web browser, and get a nice green check) we have a certificate authority that issues and validates certificates within the network. The local domain we generates certs for is "hda.surfrock66.com." Once you install the root CA certificate (as an administrator) on a device into the trusted root CA store, other CA issued certificates will show up as validated. |
| |
There is an [[https://github.com/OpenVPN/easy-rsa|easy-rsa]] certificate authority on [[wiki:inventories:tech:systems:sr66-hda|sr66-hda]]. The working directory for the root CA is /etc/easy-rsa. All operations should be done as the easy-rsa user, which you can become with the command (as root) "su - easy-rsa". | There is an [[https://github.com/OpenVPN/easy-rsa|easy-rsa]] certificate authority on [[wiki:inventories:tech:systems:sr66-crt-01|sr66-crt-01]]. The working directory for the root CA is /etc/easy-rsa. All operations should be done as the easy-rsa user, which you can become with the command (as root) "su - easy-rsa". |
| |
Most of the procedure for issuing a cert can be found in the script "0.RequestCert.sh" in that directory. The script assumes we are generating certs for the "hda.surfrock66.com" domain. This can be done with optional params; you can run: | Most of the procedure for issuing a cert can be found in the script "0.RequestCert.sh" in that directory. The script assumes we are generating certs for the "hda.surfrock66.com" domain. This can be done with optional params; you can run: |
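Review bot: The second paragraph now points the CA at sr66-crt-01 instead of sr66-hda, but the page does not say whether the CA was migrated or the old link was simply wrong. If it was migrated, add a sentence saying so and stating what happened to /etc/easy-rsa on sr66-hda, since that directory is described as the root CA's working directory and a leftover copy would still be able to issue trusted certificates. The unchanged text around the edit still refers to /etc/easy-rsa, the easy-rsa user and "0.RequestCert.sh" in "that directory", so confirm all three exist under the same names on sr66-crt-01. While editing, "The local domain we generates certs for" in the first paragraph should read "we generate".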