Re: update-ca-certificates

To: debian-user@lists.debian.org
Subject: Re: update-ca-certificates
From: Pocket <pocket@columbus.rr.com>
Date: Wed, 13 Dec 2023 22:05:32 -0500
Message-id: <[🔎] fb4cc14a-62bd-4bcc-ba3e-7795bd84b4de@columbus.rr.com>
In-reply-to: <[🔎] 20231213195000.259c9f6c@jhegaala.localdomain>
References: <[🔎] 8f940077-1197-451e-b765-5da729479811@columbus.rr.com> <[🔎] 5875420e-d9ea-43fe-8df4-6ac6220d15b9@gmail.com> <[🔎] 20231213195000.259c9f6c@jhegaala.localdomain>


On 12/13/23 21:50, Charles Curley wrote:

On Thu, 14 Dec 2023 09:34:37 +0800
jeremy ardley <jeremy.ardley@gmail.com> wrote:

You don't have to be your own CA. It's very easy to use letsencrypt
to generate valid certificates for hosts even if they are not
directly connected to the internet.

Oooh, is there a writeup somewhere on how to do that? The last time I
looked, I couldn't find one. But that was a while ago.

I am following the one athttps://jamielinux.com/docs/openssl-certificate-authority

it is from 2015 and I made the scripts from the different stages in thechapter.


root, intermediate and client.

I will consolidate them into a single script when I have everything working.

I will then add the revocation, CRL and OCSP at the end of testing.

I intend to the encrypt the directory holding the CA with fscrypt tokeep the private keys secure.


--

It's not easy to be me

Reply to:

References:
- update-ca-certificates
  - From: Pocket <pocket@columbus.rr.com>
- Re: update-ca-certificates
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: update-ca-certificates
  - From: Charles Curley <charlescurley@charlescurley.com>

Prev by Date: Re: update-ca-certificates
Next by Date: Re: raid10 is killing me, and applications that aren't willing towait for it to respond
Previous by thread: Re: update-ca-certificates
Next by thread: letsencrypt certs for disconnected hosts (Was Re: update-ca-certificates)
Index(es):
- Date
- Thread