Blog do projektu Open Source JavaHotel

czwartek, 30 kwietnia 2020

My private CA Center

Certificates, self-signed certificates, certificates signed by Certificate Authority, sounds complicated. But the devil is not so black as he's painted. It is easy to create a self-signed certificate but sometimes one needs to have a CA-signed certificate without paying fees. So be the authority for yourselves. I found a very good article on how to create private CA using open-source tools. But following the procedure manually is not a good method of spending your free time, so I created a solution which automates it all.
The solution and description are available here. The solution comes with three components.
  • Bash script ca.sh.  Script automates procedure described in the article. Creates a new Certificate Authority containing root and intermediate certificates. Also produces a certificate signed by the CA using CSR (Certificate Signing Request) or by providing all necessary data including CN.
  • Java server Rest/API. Assuming CA is created, the Java server generates signed certificate through Rest/API.
  • Docker script. The CA centre is created during Docker image creation and the container exposes Rest/API for certificate signing.