CentOS
Vladislav Aleinikov, 2020-12-15 14:06:34

How to choose a certification authority?

Good day!
The task is to select a certificate authority for two-way mTLS.
Now these are self-signed certificates like client.crt, client.key, which are generated on the server and sent to the client.
In fact, you need to generate the same certificates, only the certification authority should be, for example, Let's Encrypt.
The problem is that I can't find information on 2-way mTLS; all search results give information on SSL for sites.
How do I set up a CA and two-way mTLS on the server and issue certificates to the client?

1 answer(s)
CityCat4, 2020-12-15

The simple answer is to set up and use your own CA.
The harder answer: the world's CAs are geared towards issuing certificates of very specific types, with EKU ServerAuth (well, maybe E-Mail Protection as well). If this is enough for your mTLS, go ahead and issue them. If not, deploy your own CA and set the root CA certificate as trusted at both endpoints; you still have to put its certificate on the client.
As for LE, it generally issues certificates only for ServerAuth and only for three months. That's not what it was built for.
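
An added example (not part of CityCat4's answer): a minimal private CA built with the `openssl` CLI that issues one server and one client certificate and checks that each is accepted only for its own EKU. The CA name, host names and file layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: private CA issuing server and client certs for mTLS.
# All names (Example mTLS Root CA, srv.example.internal, client-01) are constructed.
set -eu
umask 077                                   # private keys readable by owner only

make_ca() {                                 # $1 = PKI directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example mTLS Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue() {                                   # $1=dir $2=name $3=EKU $4=SAN
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf '%s\n' 'basicConstraints=CA:FALSE' \
    'keyUsage=critical,digitalSignature,keyEncipherment' \
    "extendedKeyUsage=$3" "subjectAltName=$4" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" \
    -out "$1/$2.crt" 2>/dev/null
}

usable_as() {                               # $1=dir $2=name $3=sslclient|sslserver
  openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" 2>&1 | grep -q ': OK$'
}

PKI=$(mktemp -d)
make_ca "$PKI"
issue "$PKI" srv.example.internal serverAuth DNS:srv.example.internal
issue "$PKI" client-01 clientAuth DNS:client-01.example.internal
for c in srv.example.internal client-01; do
  for p in sslserver sslclient; do
    if usable_as "$PKI" "$c" "$p"; then r=accepted; else r=rejected; fi
    echo "$c as $p: $r"
  done
done
```

Only `ca.crt` is distributed to both endpoints as the trust anchor; `ca.key` stays on the issuing host. The client key is generated next to the CA here for brevity; a client can instead generate its own key and submit only the CSR, so the private key never has to be sent.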
