Have you ever wanted to create your own PKI (Public Key Infrastructure), including Root-CA and several Intermediate CAs, a working OCSP-Responder and a client certificate generator?
You don't want to dig too deep into the details of OpenSSL, instead just start setting up your PKI running a couple of scripts?
How to get the module
Pull the source code of the module from https://github.com/sebikolon/PKI-X509.
Use my ready-to-run batch scripts in order to create your own PKI (Public Key Infrastructure) including
- Creation of Root-CA (issues the Intermediate CA)
- Creation of several Intermediate-CAs (issues server/client/OCSP certificates)
- Running an OCSP-Responder (Incl. checking the validity of certificates)
- Issuing Server/Client certificates
- Converting certificates from PEM to CRT format
- Revoking certificates using an OCSP responder or a CRL (Certificate Revocation List)
- Creating #PKCS12 keystores including certificates and the entire trust of chain
Your Intermediate CA is capable to issue as many client certificates as desired. Of course you can create several Intermediate CAs in order to structure your PKI!
Please make sure to keep your private keys (Especially Root-CA and Intermediate CAs) top-secret.
How to create your own PKI
- First of all, you need to install OpenSSL. Fetch it for UNIX (Official OpenSSL.org) or for Windows (Win32/64 OpenSSL)
- After installing the tool, add the OpenSSL binary to your PATH variable
- Run the batch scripts from the repository