Use of Self-Signed Certificate Authority

Latest response

I have generated a self signed CA.
Can I use the same SS-CA to "sign" all other certificates ?
e.g. CA & Client certs that I will export to windows 7 clients ?
server certificates for use on my rhel 7.0 VPN server ?
I'm using an rsa key type with a length of 2048 bits.
Will they all use the same private/public key set. ?

Guy

Responses

Depending on how you generated the CA cert, "yes". Been doing this for years both for personal and work systems. You'll also want to ensure you've set up a CRL mechanism and provide instructions to your users on how to trust your CA.

Thanks for your response Tom.
My problem now is "importing" the CA (w/o the private key) into a windows 7 Trusted Root Store.
I'm using certutil and openssl utilities.

Guy

Easiest method is to put the CA's public PEM on a network-accessible share (or provide your users with instructions for extracting it from a signed certificate's trust-chain).

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.