Do it yourself CA

Recently got questions on testing with certificates. Use self-signed certificates or CA signed certs? And how to easily obtain CA signed certs? It was quite a while ago that I had been playing with certs myself. So time to refresh my mind, do some searching + experimenting, and write a blog entry about it.

CA-signed certificates (SSL server and client) are recommended, as only the CA cert needs to be imported as a trusted certificate (e.g. in cacerts), rather than every individual certificate. The first option is to use a free CA like CAcert.

The second option is to set up your own (test) CA. The most obvious choice is openssl. Its command line tool lets you first create a CA keypair and a self-signed CA cert, and then sign certificate signing requests (CSRs), thereby creating CA-signed certificates.
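The openssl steps described above (CA keypair and self-signed CA cert, then signing a CSR), as an added example that is not from the original post. The function names, file names, subject names, validity periods and extension choices are assumptions made for a throwaway test CA.

```shell
#!/bin/sh
# Added example: a throwaway test CA with the openssl command line tool.
# Function names, file names and subject names are assumptions.

# Step 1: CA keypair + self-signed CA certificate in directory $1.
make_test_ca() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        2>/dev/null || return 1
    chmod 600 "$dir/ca.key"   # whoever holds this key can mint trusted certs
}

# Step 2: keypair + CSR for host name $2, then sign the CSR with the CA in $1.
issue_cert() {
    dir=$1 name=$2
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/ca.cnf" \
        -subj "/CN=$name" -keyout "$dir/$name.key" -out "$dir/$name.csr" \
        2>/dev/null || return 1
    # Extensions are set by the CA at signing time, not taken from the CSR.
    cat > "$dir/$name.ext" <<EOF
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = DNS:$name
EOF
    openssl x509 -req -in "$dir/$name.csr" -sha256 -days 90 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
}

# Step 3: succeed only if certificate file $2 chains to the CA in directory $1.
verify_cert() {
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}
```

Only `ca.crt` has to be imported as trusted (e.g. in cacerts); `ca.key` stays with the CA and should not be reused outside testing.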

Alternative tools for a do-it-yourself CA with GUI are:

Played around a bit with this SimpleAuthority, and it looks quite OK. One can import certificate signing requests and export signed cert. A very limited version is free, but to manage an unlimited number of certificates, the cost is $50 (personal) to $240 (commercial). The ease-of-use and consistency of the GUI could be improved, but it does do the job.

Notes:

  • To generate and manage keystores, the recommended tool is Portecle.
  • An alternative is Keytool IUI: it has extra features such as signing of files, but is less user-friendly than Portecle.
  • All sorts of links about PKI

Authored by: Guy
