OpenSSL CA for Intranet Infrastructure
I need to establish my own root CA for my company Intranet using OpenSSL - right now so I can use SSL on an email system (Postfix TLS and Stunnel for POP3S) and probably later for IIS/Apache web servers. Seems pretty easy, just run CA.pl -newca and then start making certificates for the servers, and install the root certificate on all client programs (Outlook, Thunderbird).
My question is where do I keep/backup the files and what's best to use for the "Common Name" of the CA? I'm guessing if I make the CA on my workstation, I should be able to backup the demoCA folder and any keys/certificates I've made, or maybe just keep them on a USB key drive. Can I just move these files from my workstation to somewhere else, for example I decide to use an old laptop as a dedicated CA "server" as long as it has openssl installed? And right now I used my workstation's full DNS name as the CN - am I probably better off using something like "My Company CA" instead?
Thanks,
slacky
|