Differences

This shows you the differences between two versions of the page.

--- wiki:tech:certauth [2024/04/25 13:11] – surfrock66
+++ wiki:tech:certauth [2024/04/30 07:58] (current) – surfrock66
@@ Line 5: / Line 5: @@
 For having valid SSL on internal resources (so you don't get a warning in the web browser, and get a nice green check) we have a certificate authority that issues and validates certificates within the network.  The local domain we generates certs for is "hda.surfrock66.com."  Once you install the root CA certificate (as an administrator) on a device into the trusted root CA store, other CA issued certificates will show up as validated.
-There is an [[https://github.com/OpenVPN/easy-rsa|easy-rsa]] certificate authority on [[wiki:inventories:tech:systems:sr66-hda|sr66-hda]].  The working directory for the root CA is /etc/easy-rsa.  All operations should be done as the easy-rsa user, which you can become with the command (as root) "su - easy-rsa".
+There is an [[https://github.com/OpenVPN/easy-rsa|easy-rsa]] certificate authority on [[wiki:inventories:tech:systems:sr66-crt-01|sr66-crt-01]].  The working directory for the root CA is /etc/easy-rsa.  All operations should be done as the easy-rsa user, which you can become with the command (as root) "su - easy-rsa".
 Most of the procedure for issuing a cert can be found in the script "0.RequestCert.sh" in that directory.  The script assumes we are generating certs for the "hda.surfrock66.com" domain.  This can be done with optional params; you can run:

Surfrock66 Wiki