Generate and manage an internal CA for your company
It's a scary Internet out there. All your company's internal apps and service-to-service communication should be encrypted. Certified will help you generate all the certificates you need to make that happen.
sudo apt-get install ruby-ronn sudo make install
For some version of
apt-getand some version of
ruby-ronn. The point being you need to make sure you have ronn installed.
packages.rcrowley.orgon Debian or Ubuntu:
echo "deb http://packages.rcrowley.org $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/rcrowley.list sudo wget -O /etc/apt/trusted.gpg.d/rcrowley.gpg http://packages.rcrowley.org/keyring.gpg sudo apt-get update sudo apt-get -y install certified
All you need is
coreutils, and OpenSSL.
Generate your CA:
certified-ca C="US" ST="CA" L="San Francisco" O="Example" CN="Example CA"
You're going to want to trust the root CA certificate on all your laptops and servers. See Trust your CA in the wiki to learn how.
Generate a wildcard certificate:
certified CN="internal.example.com" +"*.internal.example.com"
Generate a certificate with several DNS names:
certified CN="ops.example.com" +"git.ops.example.com" +"jenkins.ops.example.com"
Generate a certificate for an IP address:
certified CN="localhost" +"127.0.0.1"
Install your certificates on all your servers.
The wiki further documents common usage patterns and how to use your CA with various browsers, operating systems, and programming languages.