Archive for March, 2010

Open CA, continued

Coding, Tool Tips | Posted by attriel March 16th, 2010

Well, I haven’t had a chance to look at the entries I mentioned last post.  But I DID remember an open free Certificate Authority.

CAcert is a site that lets you register and, assuming you can reasonably prove ownership of your domain (by answering the emails associated with the registrar), issue certs for that domain.  I’m currently looking at issuing certs for my mail server and web daemon.

The CAcert root certificate isn’t widely distributed, so your users would have to add it the first time they came, but IMO it’s a little better (and possibly better controlled) than the self-signed “Snake Oil” certs.

The only downside I’ve noticed so far is that there’s no interface for building your request.  So you still have to use OpenSSL or another package to generate your certificate request (the CSR).  I’m kind of surprised, honestly, that they don’t have that part, since I would think that would be easier than the CA portion.

So, I still want to look at the other tools, but since CAcert is centralized and you can hand the root cert to your users, I think it makes a decent option when you can use it.

CA Systems

Coding, Tool Tips | Posted by attriel March 3rd, 2010

So, as part of the MySQL SSL Replication series, I decided that I’d look up some open source CA systems.  Because there must be something better than running openssl --fifty --thousand --options --with --no --memory --or --checking

I found OpenCA/OpenPKI, which looked interesting.  Except that when I tried to set it up, the Ubuntu downloads turned out to be Red Hat RPMs, and after converting them they don’t appear to be actual apps.  They may have been framework prerequisites of the app.  But the download screens were singularly uninformative.

I also found EJBCA, which I haven’t tried out yet.  Partially because OpenCA sounded decent, and I figured I’d try that first, since EJBCA looks to be a much larger Java/JBoss application, and I don’t know JBoss offhand.  I’ll let you know if I get it going; otherwise I’ll do the MySQL entries with openssl.

And I meant to post this yesterday, oops.
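Both posts come back to the same two chores: generating the key and CSR yourself because CAcert won’t do it for you, and wrapping the pile of openssl options into something repeatable. The script below is an added example, not code from the blog or from any of the CA projects mentioned; it drives the openssl CLI (1.1.1 or later, for `-addext` and `-ext`) to create a private root, produce a server key and CSR with a SAN, sign the CSR, and verify the result against that root. Every file name, directory and domain in it is an assumption; replace them with your own. For a CAcert-issued cert you would stop after make_csr and paste the CSR into their web form, then verify the returned cert against the CAcert root instead of the local one.

```shell
#!/bin/sh
# Added example (not the blog's code): a minimal file-based CA around the
# openssl CLI. Paths, names and the example.com domain are assumptions.
set -eu

# make_root OUTDIR -> OUTDIR/root.key and a self-signed OUTDIR/root.pem.
# `req -x509` marks the cert CA:TRUE by default (openssl.cnf v3_ca / 3.x).
make_root() {
  mkdir -p "$1"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/root.key" 2>/dev/null
  chmod 600 "$1/root.key"            # the root key never leaves this box
  openssl req -x509 -new -key "$1/root.key" -days 3650 \
    -subj "/CN=Example Private Root" -out "$1/root.pem"
}

# make_csr DOMAIN OUTDIR -> OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.csr.
# This is the part CAcert leaves to you; only the .csr is sent to the CA.
make_csr() {
  mkdir -p "$2"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$2/$1.key" 2>/dev/null
  chmod 600 "$2/$1.key"
  # -subj skips the interactive prompts; the SAN lists the host names the
  # cert is for, which is what clients actually match (not the CN).
  openssl req -new -key "$2/$1.key" -subj "/CN=$1" \
    -addext "subjectAltName=DNS:$1,DNS:www.$1" \
    -out "$2/$1.csr"
}

# sign_csr CADIR CSR OUT -> OUT holds the leaf cert signed by CADIR/root.key.
# x509 -req does not copy extensions from the CSR, so the SAN is restated
# and the cert is pinned to a non-CA, server-auth role.
sign_csr() {
  extfile=$(mktemp)
  san=$(openssl req -in "$2" -noout -text \
        | grep -o 'DNS:[^,[:space:]]*' | paste -sd, -)
  cat > "$extfile" <<EOF
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=$san
EOF
  openssl x509 -req -in "$2" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 365 -extfile "$extfile" -out "$3" 2>/dev/null
  rm -f "$extfile"
}

# verify_chain CADIR CERT -> exit 0 only if CERT chains to CADIR/root.pem.
# This is the check a client makes once the root has been added to its store.
verify_chain() {
  openssl verify -CAfile "$1/root.pem" "$2" >/dev/null 2>&1
}

# cert_has_san CERT NAME -> exit 0 if the issued cert lists DNS:NAME.
cert_has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName | grep -q "DNS:$2"
}

# Usage (all paths are assumptions):
#   make_root ./ca
#   make_csr example.com ./srv
#   sign_csr ./ca ./srv/example.com.csr ./srv/example.com.pem
#   verify_chain ./ca ./srv/example.com.pem && echo "chain OK"
```

The leaf's extension file is the part worth keeping even if you never run your own root: CA:FALSE plus a server-only extendedKeyUsage means a leaked server key cannot be used to mint further certificates, and verify_chain fails, as it should, for a cert issued by any other root.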