SSL Certificate Authorities

Several services running on my hosts are secured by SSL certificates. This includes client certificates in order to authenticate against administrative web applications or e-mail servers as well as host certificates which authenticate servers to clients. Those certificates are issued by the following Certificate Authorities run by me.

Please note that these internet services are offered to only a few persons which I personally know. I am in no way a commercially run Certificate Authority and certificates issued by me are not recognized as "trustworthy" by browsers and e-mail clients by default. Thinking about it this seems a bit odd because I'd always trust a close friend more than a largely inscrutable company accredited by another such company, but that's how it is. Anyway, the whole point is that most probably you'll never need to deal with certificates signed by me.

Certificates are issued by the following Certificate Authorities. Those certificates are mostly for internal usage. Regular websites of mine use commercially signed certificates.

All certificates are X509.3 certificates with 2048-bit RSA keys and SHA1 hashes. Root certificates and certificate revocation lists are available online.

The scripts to create and sign the certificates can be found on Bitbucket or this server. (TODO: Add link)

SSH Certificate Authorities

OpenSSH uses a much simpler certificate scheme based on signed public keys which lacks many of the X509 SSL features. Therefore SSL certificates cannot be used to authenticate against SSH servers. Since all of my SSH servers are secured by host certificates (authenticating hosts to clients) as well as client certificates (authenticating clients to hosts) I run the following SSH Certificate Authorities in order to sign public keys and thus turning them into certificates:

  • Dennis Schulmeister: SSH Host CA
  • Dennis Schulmeister: SSH Client CA

The scripts to create and sign the certificates can be found on Bitbucket or this server. (TODO: Add link)


attachments

imageappend Append an Image
>