Custom CAs everywhere

I recently finished introducing custom CA infrastructure in two instances. Each having two sub CAs, two Servers and a bunch of users. The “create your own CA” part was quite easy after I found  a dated but still accurate tutorial. In hindsight it is quite silly why I didn’t do this before.

On the server side I had to make it work on:

  • Apache
  • Nginx
  • Postfix
  • Cyrus
  • Dovecot

Each expecting its own Format/Packing of certificates, keys and certificate chains. :/

On the client side I had to produce installation and configuration howtos for Windows and OS X and a bunch of popular browsers and email clients. Then there is the “user education” part … this is still in progress, but its looking good.

All in all, I’m happy with the result. 🙂

Leave a Reply

Your email address will not be published.