Configuration of an OpenBSD rugged secured server to obtain a private CA for SSL and SSH
Configuration of an OpenBSD rugged secured server to obtain a private CA for SSH, SSL and iked.
Reverse a private server, kvm instance, docker or another container for this type of application. It’ll be useful have it on a spare encrypted USB disk or virtual hided disk. I’ve got one mounted on a dedicated macppc OpenBSD instance. I use it like local LAN resolver, SNMP collector and, how not, like a CA server.
taglio@cyberanarkhia:/home/taglio$ uname -aOpenBSD cyberanarkhia.telecom.lobby 6.8 GENERIC.MP#3 macppctaglio@cyberanarkhia:/home/taglio$
No everyone know it, but sshd as ssl can use certificate based authentication. It’s a feature of openssh.
Just clone this repository on the OpenBSD CA server machine:
$ mkdir -p Sources/Git$ cd Sources/Git$ git clone https://github.com/redeltaglio/OpenBSD-private-CA.git$ cd OpenBSD-private-CA
Our setup_node script got some options:
install -> create SSH and SSL private CA verify -> printout and verify certificates reset -> reset filesystem hierarchy and delete certificates and keys transfer -> tar files on /home/$USERNice Regards,
Riccardo <taglio> Giuntoli.