14

I'd like to set up a certificate authority, which I can then import to all the company's browsers and systems to get rid of all those nasty client warnings when using HTTPS or SSL.

Ivan
  • 3,288
  • 19
  • 48
  • 70

4 Answers4

9

You can use TinyCA, a graphical front-end for OpenSSL that lets you manage the tasks of a certificate authority.

Beware that the TinyCA website seems hard to reach at times.

ssc
  • 1,129
  • 3
  • 16
  • 30
chmeee
  • 7,270
  • 3
  • 29
  • 43
5

I recommend using OpenCA and here is the install guide. This is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. I have personally used OpenCA and it is what you want.

If you really like RedHat and Java then you might want to go with RedHat Certificate System.

Rook
  • 2,615
  • 5
  • 26
  • 34
  • http://mm.cs.dartmouth.edu/wiki/index.php/Installing_OpenCA link is no longer working as of 10/14/2013 or sooner. – tacotuesday Oct 14 '13 at 15:39
2

Have a look at this: http://novosial.org/openssl/ca/

And for the entire work flow: http://novosial.org/openssl/

user1204270
  • 183
  • 1
  • 7
Niels Basjes
  • 2,176
  • 3
  • 18
  • 26
0

You can craft your own certificates with openssl command line tool.

It is possible to generate the root certificate, hence the (sub-)certificates you need.

You can use the following tool, simplifying the whole process: https://github.com/auino/your-own-ssl-certificate-authority

auino
  • 143
  • 7