Homelab Series - Creating a Certificate Authority ( CA ) Server With Step-CA
HTML-код
- Опубликовано: 23 июл 2023
- Welcome to my Homelab Series! Here we will go through how to create a Certificate Authority ( CA ) Server!
For Business Inquiries you can email me at: sassdrew501@gmail.com
Feel free to check me out on Twitch: / dragonslayer501
OMG! This was such an elegant solution! I am setting up my own home lab and i am stuck on this for almost a week now! Ill try this as soon as i get back home. Thank you!
This deserves a follow. Hope to see great things from your lab!
hey man, first went down letsencrypt road for my homelab, but the local CA approach just "feels" better/cleaner: very much appreciated.
(sidenote: using '#' to prefix long cli commands to retrieve from history later is genius. i've been ctrl-c'ing those buggers way too long! :)
Haha yess! Letencrypt is nice if you're hosting something publicly but yeah having a local CA is very nice! Glad you enjoyed!
Wow! Just stumbled upon your channel searching for step-ca deployment... I found you have a ton of other very useful and relevant (to me) content... not sure how I haven't found you before. Your instructions are at a good level and well done. Thanks for your effort. Subscribed!
Ahww thank you so much! I just started my youtube channel for tech related videos just last year so still trying to increase my outreach still but happy that you were able to find my channel!
this is awesome, just set this up for my local services after watching your video with a 10 year expiration on the certs 👌thanks! 🙏
Nicee!! Yeah I need to re-create this video and include how to set the 10 year expiration so that it's all in one video! Glad that this helped you! It has been a lifesaver when dealing with self-signed certs :)
This series of videos is definitely under viewed but very appreciated!
Thank you! I appreciate that comment a lot! It's definitely hard trying to start a youtube channel in tech and get viewers for it :D So thank you for stopping by! Hope you enjoy the rest of the videos in the series! Definitely more fun to come!
I really like your videos, my only suggestion is that you might want to consider going a little slower and sharing the links and commands in the description.
The certificate generated only has 24 hours duration, how to set it up for longer duration? Thank you for the tutorial.
Hi boncabe804! Yes, check out this video: ruclips.net/video/jt6VDmRFpiE/видео.htmlsi=mfblyGFujllt44YO&t=238 I realized it too late that it was for on 24 hours so I made the update in a video later in my series. I was planning on redoing this video to include that in, but haven't gotten to it yet :D
@@sassdrew8141 Thanks a lot!
If in Windows, I really recommend using the new Windows Terminal, which looks and works great. I never had issues with pasting stuff to it. Thanks for the content!
Ohhh thank you for the suggestion! I'll have to check it out!
This is cool! Ive been wanting to incorporate this with hashicorp vaults pki secret engine for full cert automation
Yesss!! I've always hesitated doing stuff with certs because it always seemed daunting to get it to work :D but Step CA makes its easy!! In case you're interested you can automate stuff with like Ansible/AWX - I did this for my cert creation! ruclips.net/video/r0bIRmrx0z4/видео.html&pp=gAQBiAQB
@@sassdrew8141 definitely checking this out. I reported to creating an Ansible docker container that I build with my collections. But I'm thinking awx might be the better route
Why sometimes the CA tool insert some bad char into the cert ?
Which part inserts bad characters? I haven't had any issues creating certs with it!
when generate the certificate for example from Microsoft CA then import into the application@@sassdrew8141
not working on all my lan network, how i do for all ???
If you're wondering how to do a wildcard cert for your domain, you can just do "*.domain.com" when creating the cert and that should work. Don't forget to also install the CA certificate on your client machine so that it trusts the CA server!
@@sassdrew8141 I want my entire local network to be able to see my website without problems no matter what
In this case you would need to run through the client installation to trust the Step CA root certificate to be able to navigate to your site locally on any machines you want to use to be able to hit the site. Alternatively you could try using Let's Encrypt to generate a cert for you for your site which will use known root CA's which you wouldn't need manually add to each of your machines on your network! :)
"An unexpected error occurred: ValueError: Requesting X.X.X.X/acme: Connection refused"
This is usually because the service hasn't started yet! Make sure to check that it is started and then try creating the cert again!
but step ca no is free is paid :( :( :( other solution i have more 500 endpoint uu
Step-CA is open-source so it is a free solution, but depending on your use case you may want to try using Let's Encrypt!
brother thanks . I invite you to read the quran
Thanks!