Certificate Authority Structure - connorethanjay/ISDE-Homelab GitHub Wiki

Certificate Authority

The connorjay.me network environment is comprised of a Root CA signing server, which is offline at all times / airgapped, and an intermediate signing server that is online for signing certificates.

Generating a certificate for the environment

I use a template for OpenSSL based servers (eg. Linux VMs). This is located in the files section of the repository.

SSL Certificate Structure

On web servers in the environment, I use a bundle comprised of the web server's certificate, the intermediate signing server's certificate, and the root signing server's certificate. Below is an example of the structure.