views:

1460

answers:

5

I am running a number of SSL-encrypted websites, and need to generate certificates to run on these. They are all internal applications, so I don't need to purchase a certificate, I can create my own.

I have found it quite tedious to do everything using openssl all the time, and figure this is the kind of thing that has probably been done before and software exists for it.

My preference is for linux-based systems, and I would prefer a command-line system rather than a GUI.

Does anyone have some suggestions?

+6  A: 

An option that doesn't require your own CA is to get certificates from CAcert (they're free).

I find it convenient to add the two CAcert root certificates to my client machines, then I can manage all the SSL certificates through CAcert.

Ted Percival
+2  A: 

+1 to CACert. I have used them in the past, and found the service simple to use, and very effective. The self-certification route is also possible, but I found the difference between CACert and the learning curve required to set up a CA to be too great.

ZombieSheep
+4  A: 

You could just create all the certs using openssl..

This is a great guide if you want to do just that.
http://riseuplabs.org/grimoire/web-server/self-signed-certs/

Alternatively I have at my site, created a shell scripts that is basicly goes through the steps described in the tutorial. Saves you the trouble of going through each of the steps.
http://thetechmind.com/articles/a-shell-script-for-creating-a-selfsigned-cert

paan
+2  A: 

I know you said you prefer the command line, but for others who are interested in this, TinyCA is a very easy to use GUI CA software. I have used this both in Linux, and also in OSX.

sherbang
Yeah, I like TinyCA, but found the need to run in a GUI limiting as I sometimes only have shell access to some machines.
kaybenleroll
+1  A: 

There's a simple webpage solution: https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/entry/a%5Fpki%5Fin%5Fa%5Fweb%5Fpage10