💾 Archived View for thrig.me › tech › ssl › local-ca.gmi captured on 2023-09-08 at 17:35:55. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-04-19)

➡️ Next capture (2023-12-28)

-=-=-=-=-=-=-

Local Certificate Authority

A local Certificate Authority (CA) is used to sign certificates specific to an organization. This allows verification of certificates signed by the CA, except for those on the certificate revocation list. An advantage over a third-party CA such as Let's Encrypt is that fewer people can create certificates with the custom local CA--maybe the certificates are used to allow relaying via SMTP, where it would not be good to trust certificates that anyone on the internet can obtain.

Minimal Viable CA

The following may be too minimal, though may suffice if you have control over all the systems involved, or can firewall off problematic hosts. A better CA might support such things as Certificate Revocation Lists (CRL) or the Online Certificate Status Protocol (OCSP).

minimum-ca.gmi

Other more elaborate certificate authority setups are possible.

See Also

Haven't tried these. There are doubtless others. Maybe they might work out for you?

https://github.com/OpenVPN/easy-rsa

https://github.com/kairoaraujo/goca

index.gmi