If you decide to handle your own certificate authority for the purposes of internal certificates, you will be annoyed by all the house keeping tasks involved. This will ring especially true if you need a new certificate just few times a year and having a separate, always-ready machine is way too much overhead to handle.
As pretty much all above applies to me, I decided to create a helper script to ensure I setup stuff the same every time and I kept it really close to how I would do it manually.
First action is to create root CA certificate (will be saved in ca.cer
/ca.key
):
./microca.sh -r
Then we can give out, for example, TLS client and server certificates or just something for testing:
./microca.sh -u Client myclient
./microca.sh -u Server myserver
./microca.sh mytest
It is even possible to create an intermediate CA and use it to create other certificates:
./microca.sh -a intermediate
./microca.sh -c intermediate -u Client myclient
./microca.sh -c intermediate -u Server myserver
./microca.sh -c intermediate mytest
You can download script from GitHub alongside with brief documentation and it works on both Linux and Windows (via Git Bash).
[2017-03-17: Setting subjectAltName is also supported.]
[2018-12-16: MicroCA has its own page now.]