https://kb.unixservertech.com/ 2026-04-09T07:15:01+00:00 https://kb.unixservertech.com/ https://kb.unixservertech.com/_media/wiki/dokuwiki.svg text/html 2025-10-25T08:10:46+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/createca?rev=1761379846&do=diff Create an Internal CA This is the Certificate of Authority. This will be used to validate all of the later certificates you create. You will be putting part of the CA into each and every one of your machines, saying “anything signed by this is valid. text/html 2025-10-25T08:11:00+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/createcert?rev=1761379860&do=diff Create Service Certificate I use the term “Service Certificate” here since we are attaching a certificate to a service, be it a web server running Apache or an sftp server using openssh. However, I believe it is commonly called a “Server Certificate text/html 2025-10-25T08:07:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/createconfig?rev=1761379669&do=diff Create an SSL Configuration File While not actually required, it cuts down on the number of things you have to type. Creating this file allows you to use the -config parameter on many commands, with values drawn from here. For example, everything in the text/html 2025-10-25T08:08:16+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/deploy?rev=1761379696&do=diff Deploy Server Certificate Once created, the server certificate (.crt) and the key used to create it (.key) need to be deployed to the server which contains the service(s) you want to secure. Each operating system has a default, and even different distributions of the same operating systems may use a different default. However, since we must manually configure each services, we can choose a common location for our certificates if we want. On Unix, I create a directory named /etc/certificates an… text/html 2025-10-25T08:08:27+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/installca?rev=1761379707&do=diff Install CA on workstations Installation depends on the operating system of the workstation (or other device) you need the CA installed on. Note, this is only needed on workstations or machines which will be accessing the services. You do not need to install this on the servers which provide the service, though it is acceptable to do so. text/html 2025-10-25T08:25:39+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/lan?rev=1761380739&do=diff LAN SSL Certificates The procedures described here are generally used for local networks. In only limited cases would this be useful for any public service. For example, you would not use this to secure your public web/mail/ftp site. This is only used for internal, text/html 2025-10-25T08:25:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/overview?rev=1761380729&do=diff SSL Overview These are just some notes which help me organize How Things Work. These are things which were unclear to me when I started and I now (hopefully) understand better. They may or may not be true. Flow * Create an Internal CA * Generate private key for Certificate of Authority (CA), encrypted (-des3) text/html 2025-10-25T08:28:48+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/start?rev=1761380928&do=diff Internal Services SSL Certs The procedures described here are generally used for local networks. In only limited cases would this be useful for any public service. For example, you would not use this to secure your public web/mail/ftp site. This is only used for internal, text/html 2025-10-25T08:09:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.unixservertech.com/software/openssl/internalca/windows?rev=1761379774&do=diff SSL Program for Windows Warning: I do not recommend any of the sites listed below due to ignorance. Do anything on this page at your own peril. As mentioned in LAN SSL Certificates, most, if not all, Unix based systems (which includes MacOS) come with an openssl program (named, surprisingly,