Back to the sea ; the Certificate Authority (CA), episode IV
OpenBSD FAQ and manpages is full of “how to generate your self-signed certificate”. That’s OK. But I you get several services, as I’m gonna get, this means you’ll have to deploy every certificate to every client so that they trust them. Creating your own CA enables you to only deploy the CA file to your client. Then, they will trust any certificate that were signed by it. Plus, it’s fun :p
My NetBSD Certificate Authority (CA) with OpenSSL
I created a private certificate authority with OpenSSL on NetBSD tu use in my personal LAN. The certificates are used to authenticate servers in SSL/TLS mode and also to remotely connect to my LAN using VPN.