12 Running a Mini-CA

In Chapter 8, X.509 Certificates and PKI, we learned about Public Key Infrastructure (PKI) based on X.509 certificates. In this chapter, we will learn how to use the openssl ca subcommand to run a mini-Certificate Authority (CA) that can issue certificates for internal usage in an organization. A mini-CA can be useful in organizations for establishing internal PKI, gaining control of internally used certificates, and saving costs on ordering certificates from commercial CAs. The usage of a mini-CA will be illustrated by command-line examples.

We are going to cover the following topics in this chapter:

Understanding the openssl ca subcommand
Generating a root CA certificate
Generating an intermediate CA certificate
Generating ...

Get Demystifying Cryptography with OpenSSL 3.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Demystifying Cryptography with OpenSSL 3.0 by Alexei Khlebnikov

12

Running a Mini-CA

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly