Banish OEM self-signed certs forever and roll your own private LetsEncrypt

Banish OEM self-signed certs forever and roll your own private LetsEncrypt

Enlarge (credit: Aurich Lawson | Getty Images)

dynamically updating DNS and DHCP setup with bind and dhcpd. We laughed. We cried. We hurled. Bonds were forged, never to be broken. And I hope we all took a little something special away from the journey—namely, a dynamically updating DNS and DHCP setup. Which we’re now going to put to use!

If you’re joining us fresh, without having gone through the previous part and wanting to follow this tutorial, howdy! There might be some parts that are more difficult to complete without a local instance of bind (or other authoritative resolver compatible with nsupdate). We’ll talk more about this when we get there, but just know that if you want to pause and go do part one first, you may have an easier time following along.

The quick version: A LetsEncrypt of our own

This article will walk through the process of installing step-ca, a standalone certificate authority-in-a-box. We’ll then configure step-ca with an ACME provisioner—that’s Automatic Certificate Management Environment, the technology that underpins LetsEncrypt and facilitates the automatic provisioning, renewal, and revocation of SSL/TLS certificates.

Read 118 remaining paragraphs | Comments

Article Tags:
Article Categories:
Technology