Index ¦ Archives ¦ Atom

Setting up a personal Certification Authority

This is the first in a three part series of posts on; Setting up a personal Certification Authority, Securing Apache with Client Certificates, and Setting up FreeRADIUS to secure your WiFi.

I've been looking for some software to run my own personal Certification Authority. I've used OpenSSL but personally I find it very hard to work with. I feel like there are hundreds of different options, flags and switches. While OpenSSL can be used to run a CA, I need to look up the commands again and again every time I try to use it. I even find GNU Privacy Guard easier to wrangle.

I've used the Windows Certification Authority at work and it's not too bad, a few peculiarities but it dose it's job. But I don't want to run a Windows Server at Home. Some CAs like EJBCA look good but I think are overkill for what I wanted so I settled on TinyCA. The official site for TinyCA times out but I used the Arch Linux version.

On Debian run sudo apt-get install tinyca

When you first open TinyCA you are presented with a welcome screen to create a new Certification Authority.

New TinyCA

Most of the fields are pretty self explanatory

New TinyCA Filled in

Then you are presented with a configuration screen, I just went with the defaults.

TinyCA Configuration


TinyCA Created

And finaly we get to the main screen of Tiny CA

TinyCA Configuration

To create a Client Certificate go over to the requests tab, right click and go to new Request

TinyCA Request

Fill in your details, again fairly self explanatory

TinyCA New Request

Now right click on the request and go to Sign Request > Sign Request (Client)

TinyCA Sign Request

TinyCA Sign Request Client

TinyCA Signing

Now under Certificates select the new certificate and export it

TinyCA Export Client

save it as a PKCS12 (.p12) files

TinyCA Export p12

TinyCA Save p12

And also export the CA Certificate

TinyCA Export Server

For those looking for the Tiny CA configuration files and keys they will be in ~/.TinyCA/

In the next few posts we will look at what we can do with our new certificates.

Creative Commons License
Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican. Based on a theme by Giulio Fidente on github.