The cert.command & sign.command Scripts: Step 0


In Securing Communications with SSL/TLS: A High-Level Overview and Using CA.pl, I discuss standard tools for working with SSL/TLS certificates. Today, let's look at some streamlined tools for running your own private Certificate Authority.

I built a couple of very simple Bourne shell scripts, cert.command and sign.command. The .command suffix makes them double-clickable on Mac OS X, although personally I run them as command-line programs. cert.command walks through the process of creating a CSR and signing it to create a new signed certificate; sign.command takes an existing Certificate Signing Request and signs it, as a commercial CA would. Their behavior is the same whether executed from a shell (without arguments) or double-clicked: the script prompts for the necessary information and produces a .crt file, signed by the root certificate specified in openssl.cnf. cert.command also prompts for organizational information, but sign.command doesn't, because that information is already in the CSR.

Alternatively, either script may be run from a command line with an argument: cert takes the filename of the certificate to create (e.g., "cert.command www.reppep.com.20071108"), and sign takes the CSR to sign (e.g., "sign.command www.reppep.com.20071108.csr").
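The flow described above for signing an existing CSR, as an added sketch that is not the author's sign.command: it takes the CSR from an argument or a prompt, checks and displays the request before signing, and writes the matching .crt. The function names, the OPENSSL_CNF variable, and the location of openssl.cnf are assumptions made for this example.

```shell
#!/bin/sh
# Sketch of a sign.command-style wrapper (added example, not the author's script).
# Assumption: openssl.cnf in the current directory defines the CA section,
# including the root certificate and key used for signing.
OPENSSL_CNF="${OPENSSL_CNF:-./openssl.cnf}"

# Derive the certificate filename from the CSR filename:
# www.reppep.com.20071108.csr -> www.reppep.com.20071108.crt
crt_name_for() {
    case "$1" in
        *.csr) printf '%s.crt\n' "${1%.csr}" ;;
        *)     printf '%s.crt\n' "$1" ;;
    esac
}

sign_csr() {
    csr="${1:-}"
    # No argument (for example when double-clicked): prompt for the CSR.
    if [ -z "$csr" ]; then
        printf 'CSR file to sign: '
        read -r csr || return 1
    fi
    [ -r "$csr" ] || { echo "cannot read CSR: $csr" >&2; return 1; }
    crt=$(crt_name_for "$csr")
    [ ! -e "$crt" ] || { echo "refusing to overwrite $crt" >&2; return 1; }

    # Check the CSR's self-signature. The "verify OK" message is matched
    # rather than the exit status, which not every openssl release sets
    # on a failed check.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -qi 'verify ok'; then
        echo "CSR self-signature check failed: $csr" >&2
        return 1
    fi

    # The organizational information comes from the CSR, not from a prompt,
    # so show the subject the CA is about to vouch for.
    openssl req -in "$csr" -noout -subject || return 1

    # openssl ca prints the request details and asks for confirmation
    # before signing with the root certificate named in the config.
    openssl ca -config "$OPENSSL_CNF" -in "$csr" -out "$crt"
}

# Usage: sign_csr www.reppep.com.20071108.csr   (or: sign_csr, to be prompted)
```

Because the signer never types the organizational fields, the subject printed before `openssl ca` runs is the only point at which a wrong or unexpected name in the request gets noticed.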

