The “OpenSSL for everything” PKI project
After surfing for countless hours, I came to the conclusion that there is no simple yet thorough install guide for using OpenSSL as a Certificate Authority in a network. When I say as a Certificate Authority, I mean using only a couple of Linux servers running a simple web interface and a Certificate Authority for all your certification needs. These include:
- Webserver (SSL)
- Email server (IMAPS, POPS)
- User authentication for applications and services (personal certificates, OpenVPN etc.)
- Various signing certificates (signing email, applications etc.)
There is no thorough guide that addresses all of these subjects, but I am working on doing just that. The plan is to do just such an installation and describe every step in detail with lots of screenshots and code excerpts. This will take some time, so I will publish various steps here as blog posts. However, once the whole thing is done, including example applications and installations for each service like the following:
- Installation of the root certificate on every machine in your Domain
- Creation and installation of a certificate for Apache (this is covered a lot on the net so should be easy)
- Creation and installation of a certificate for a mail server (Unix/Linux)
- Creation and installation of an authentication certificate for web-based applications
- Usage of the same certificate for other means of authentication (OpenVPN)
- Certificate revocation
- Installation of a web-based application (PHPki, small and simple) that will allow you to manage certificates and allow users to enroll themselves.
the whole guide and text with pictures and examples will be made publicly available as a PDF for anyone who wishes to download.
Feedback and pointers are welcome at this point as I am just starting to install the CA on Shorty.