Mirror of the Rel4tion website/wiki source, view at <http://rel4tion.org>

[[ 🗃 ^yEzqv rel4tion-wiki ]] :: [📥 Inbox] [📤 Outbox] [🐤 Followers] [🤝 Collaborators] [🛠 Commits]

Clone

HTTPS: git clone https://vervis.peers.community/repos/yEzqv

SSH: git clone USERNAME@vervis.peers.community:yEzqv

Branches

Tags

master :: maint / admin / ca / tinyca /

Exporting_the_Files.mdwn

In order to use the certificate to authenticate a web service, it needs to be exported from TinyCA and copied to a location where your server can find it. To be more precise, the files we’ll export are:

Another commonly used file is the CA chain file, but it is only required when you use sub-CAs. Since in our setup there aren’t any, and the root CA signs the server certificates directly, no chain file is needed.

Let’s export the CA certificate. In the main window of TinyCA, click the “Export CA Certificate” toolbar button, which is the second from the right (or left, if you use an RTL locale). Choose a location to export to. Example:

[[!img 6-export-ca-cert.png class=“center”]]

In order to export the revocation list, click the right most button (or left most, if you use an RTL locale) on the toolbar. Choose a location, enter the CA password and validity time. You can probably use the default for now, but I’m not an expert. If you need advice on expiration times, I hope other resources can help. If you do know, please share it here if you can, to make this guide more complete.

[[!img 7-export-crl.png class=“center”]]

In order to export the server certificate, go to the Certificates tab and right-click on the certificate line. Choose “Export Certificate” from the popup menu.

[[!img 8.1-export-cert-menu.png class=“center”]]

Choose a storage location and click “Save”.

[[!img 8.2-export-cert-filled-nokey.png class=“center”]]

Finally, in order to export the server key, go to the Keys tab. Right-click on the key line and select “Export Key”.

[[!img 9.1-export-key-menu.png class=“center”]]

Choose a storage location. Set “Without Passphrase” to yes, otherwise you’ll need to supply the key passphrase every time you start the web server. Click “Save”. You will be asked for the certificate passphrase.

[[!img 9.2-export-key-filled-nocert.png class=“center”]]

[See repo JSON]