Greetings and salutations,
I hope this thread will be helpful to those who follow in my footsteps, as well as a way to get advice based on what I have done / documented.
To discuss this thread, please participate here: Ubuntu Forums
High-level overview
This thread will cover installation of a certificate authority (CA) server for the purpose of issuing your own certificates for your LAN.
This process will involve two servers. The root CA server will be installed first and will issue a certificate to an intermediate CA server. The root CA server will then be taken offline and stored in a safe place. The intermediate server then becomes the server that issues certificates to your other servers. The root certificate will need to be installed on all your machines so that any certificate issued by the intermediate server is automatically trusted.
This scenario is perfect for servers that are not accessible from the web or when using local domain names like mydomain.local.
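The two-tier chain described above, as an added example (not part of the original thread): it builds a throwaway root, intermediate and server certificate with the openssl CLI and checks that a client trusting only the root accepts the server certificate only when the intermediate is supplied. The host name srv-web.mydomain.local, the subject names, the 30-day lifetimes and the unencrypted 2048-bit test keys are assumptions made for the demonstration.

```shell
# Added example: names are constructed placeholders, keys are unencrypted test keys.
build_chain() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_im]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:srv-web.mydomain.local
EOF
    # Root CA: self-signed, the only certificate clients install as trusted.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/ca.cnf" -extensions v3_root -subj "/CN=Example Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
    # Intermediate CA: CSR signed by the root; pathlen:0 forbids further sub-CAs.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" 2>/dev/null \
        -subj "/CN=Example Intermediate CA" -keyout "$dir/im.key" -out "$dir/im.csr" || return 1
    openssl x509 -req -in "$dir/im.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$dir/ca.cnf" \
        -extensions v3_im -out "$dir/im.crt" 2>/dev/null || return 1
    rm -f "$dir/root.key"   # stands in for taking the root CA offline
    # Server certificate: issued by the intermediate, no root key required.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" 2>/dev/null \
        -subj "/CN=srv-web.mydomain.local" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/im.crt" -CAkey "$dir/im.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$dir/ca.cnf" \
        -extensions v3_leaf -out "$dir/leaf.crt" 2>/dev/null || return 1
}
# Client trusts only the root; the server presents leaf + intermediate.
verify_full_chain() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/im.crt" "$1/leaf.crt" >/dev/null 2>&1
}
# Same client, but the server omits the intermediate: verification must fail.
verify_missing_intermediate() {
    openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" >/dev/null 2>&1
}
work=$(mktemp -d)
build_chain "$work" && verify_full_chain "$work" && echo "full chain verifies"
verify_missing_intermediate "$work" || echo "leaf alone is rejected"
rm -rf "$work"
```

The second check is the practical consequence of this design: servers must be configured to send the intermediate certificate along with their own, because clients only hold the root.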
Some of the abbreviations related to certificates:
- SSL – Secure Sockets Layer
- CSR – Certificate Signing Request
- TLS – Transport Layer Security
- PEM – Privacy Enhanced Mail
- DER – Distinguished Encoding Rules
- SHA – Secure Hash Algorithm
- PKCS – Public-Key Cryptography Standards
Software and versions used:
- Ubuntu Server 18.04.1 LTS, 64-bit
- OpenSSL 1.1.0g
- Portable PuTTY 0.70
- VMware vSphere 6.0.0
- VirtualBox 5.2.18
The sources listed under References at the end were helpful in the creation of this document.
Assumptions
This documentation needs to make use of some very specific information that will most likely be different for each person / location. That information is noted in this section. These values are highlighted in red throughout the document as a reminder that you should plug in your own value rather than using these placeholder values.
Under no circumstances should you use the actual values listed below. They are placeholders for the real thing. This is just a checklist template you need to have answered before you start the install process.
Wherever you see RED in this document, you need to substitute the value you will use in your environment.
- Local domain: mydomain.com
- Ubuntu Server name: srv-ca-root
- Ubuntu Server IP address: 192.168.107.69
- Ubuntu Server name: srv-ca-im
- Ubuntu Server IP address: 192.168.107.70
- Ubuntu Admin ID: administrator
- Ubuntu Admin Password: myadminpass
- Root CA Private Key Passphrase: myrootcapass
References:
OpenSSL certification authority CA Ubuntu server
OpenSSL Commands
OpenSSL Command-Line
OpenSSL Troubleshooting
OpenSSL commands to check and verify