A service of Daily Data, Inc.

software:openssl:lan

Differences

This shows you the differences between two versions of the page.

software:openssl:lan [2025/10/19 00:58] rodolicosoftware:openssl:lan [2025/10/19 01:54] (current) rodolico
Line 1: Line 1:
 ====== LAN SSL Certificates ====== ====== LAN SSL Certificates ======
 +
 +<WRAP center round important 60%>
 +The procedures described here are generally used for local networks. In only limited cases would this be useful for any public service. For example, you would not use this to secure your public web/mail/ftp site. This is only used for internal, LAN based services which have no public access.
 +</WRAP>
 +
  
 Most SSL Certificates are used on public facing devices and are provided by large companies which specialize in this. For example, this web site uses an SSL certificate provided by [[https://letsencrypt.org/Let's Encrypt]], an organization the provides free SSL Certificates and is supported by [[https://letsencrypt.org/donate/|donations]]. Most SSL Certificates are used on public facing devices and are provided by large companies which specialize in this. For example, this web site uses an SSL certificate provided by [[https://letsencrypt.org/Let's Encrypt]], an organization the provides free SSL Certificates and is supported by [[https://letsencrypt.org/donate/|donations]].
  
 +However, in many cases it is useful to have SSL certificates in your Local Area Network (LAN), and these can not readily be provided by the public SSL organizations. They are designed for situations where you can prove ownership of a publicly visible service, like a web site or mail server.
 +
 +There are a few companies which provide this service, but the cost generally exceeds what most businesses are willing to spend, and as an alternative, it is easy to simply create your own Certificate of Authority (CA), add the public portion of that to all of your internal computers, and use that CA to generate certificates for your internal servers.
 +
 +===== Basic Procedure =====
 +
 +The steps to implementing a private, LAN based set of certificates is fairly straight forward.
 +
 +  - Install OpenSSL on a computer
 +    - Almost all Unix systems (Linux, BSD, MacOS) have it pre-installed
 +    - Windows systems, I'm not sure about since it is a cracker paradise. I'll try to put whatever I can find in [[software:openssl:windows]]
 +  - [[software:openssl:createca|Create a private Certificate of Authority]]
 +  - [[software:openssl:installca|Install the PEM file created above onto all machines which will be making a connection]].
 +  - For each service you need secure
 +    - [[software:openssl:createcert|Create a site certificate]] and sign it with the CA above
 +    - Copy the site certificate files to the servers containing the service
 +
 +At this point, you should be able to access all services using SSL (https, smtps, ftps, imaps).
  
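Review bot: step 3 of the added Basic Procedure ("Install the PEM file created above onto all machines which will be making a connection") does not say which PEM file is meant. Creating a CA yields both a private key and a certificate, and either can be stored as PEM, so a reader following the step literally could copy the CA private key to every client. The added intro paragraph already says "the public portion"; the step should repeat it, for example "Install the CA certificate (public portion only, never the CA private key) onto all machines which will be making a connection". In the same list, "Copy the site certificate files to the servers containing the service" would benefit from stating that, if those files include the site's private key, it goes only to the server hosting that service. Two smaller points: the usual term is "Certificate Authority", not "Certificate of Authority" (intro paragraph and step 2), and the Let's Encrypt link in the unchanged paragraph, "[[https://letsencrypt.org/Let's Encrypt]]", lacks the "|" between URL and label that the donations link next to it has.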
software/openssl/lan.1760853508.txt.gz · Last modified: 2025/10/19 00:58 by rodolico