Mirror of the Rel4tion website/wiki source, view at <http://rel4tion.org>

[[ 🗃 ^yEzqv rel4tion-wiki ]] :: [📥 Inbox] [📤 Outbox] [🐤 Followers] [🤝 Collaborators] [🛠 Commits]

Clone

HTTPS: git clone https://vervis.peers.community/repos/yEzqv

SSH: git clone USERNAME@vervis.peers.community:yEzqv

Branches

Tags

master :: maint / admin / ca / tinyca /

Creating_a_CA.mdwn

A Certificate Authority (CA) signs certificates, marking them as authenticated. In other words, a CA signature on a certificate says “you can trust the owner of this certificate”. If you’re used to visiting a certain website which your browser trusts, and one day you visit and get a security warning, there’s a chance you’re viewing a clone of the real website, made by a scammer, maybe in hope to get your private account details. Without server authentication, you wouldn’t notice.

I’m not saying SSL is the perfect solution to the problem, or a solution I would design or spread if it was up to me, but I assume you have your reasons to use it (and so do I).

For large-scale use of certificates, i.e. large CAs, it is a good idea to create sub-CAs. These sub-CAs manage their own certificates. It allows responsibility to be delegated to other people and teams, each managing the certificates related to its area/domain. With TinyCA, setting up sub-CAs is quite easy, and the tutorials listed in [[Useful Links]] can help.

However, for small-scale use it is not necessary. This guide is based on home server experience and is focused on small home/community servers. For those, it’s easier to have a single CA which signs one certificate per service. One for the website, one for Jabber server and so on. The number of users and services will probably be small enough to make this approach work well.

When running TinyCA for the first time (or any other time, until you create a CA), it will automatically open the Create CA dialog:

[[!img 1.1-create-ca-blank.png class=“center”]]

Now fill in the details.

Here’s an example:

[[!img 1.2-create-ca-filled.png class=“center”]]

When you’re done, click OK. The CA Configuration window will appear.

Here’s an example:

[[!img 2-ca-config.png class=“center”]]

When you’re done, click OK. The CA will be created you will be presented with the main TinyCA window, containing the CA details. It will look like this:

[[!img 3-ca-created.png class=“center”]]

[See repo JSON]