Well isn't learning how to run your own CA a lot of fun?

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 16:08:19 GMT

matus_chochlik@mastodon.online — Thu, 30 Apr 2026 16:08:19 GMT

@neil 10 years ago I worked on a project implementing PKI including CA, time-stamping, document signers, browser plugins and an installer of all the SW for universities in Slovakia.

You have my sympathies:P

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 16:06:51 GMT

brunogirin@mastodon.me.uk — Thu, 30 Apr 2026 16:06:51 GMT

@neil I am so looking forward to it!

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 16:06:04 GMT

neil@mastodon.neilzone.co.uk — Thu, 30 Apr 2026 16:06:04 GMT

@hannes openssl

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 16:05:12 GMT

hannes@social.coop — Thu, 30 Apr 2026 16:05:12 GMT

@neil are you using openssl command line or some scripts/tooling on top of it?

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 16:04:59 GMT

kate@social.treehouse.systems — Thu, 30 Apr 2026 16:04:59 GMT

@neil been there, done that. there are more fun things in life.

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 16:04:27 GMT

gary_alderson@infosec.exchange — Thu, 30 Apr 2026 16:04:27 GMT

@neil i have it pinned in my calendar

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 16:02:49 GMT

neil@mastodon.neilzone.co.uk — Thu, 30 Apr 2026 16:02:49 GMT

You can expect a riveting blogpost in due course.

And by "riveting", I mean "utterly tedious and unnecessary unless you, too, have the misfortune to want to run your own certificate authority".

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:57:49 GMT

bencurthoys@mastodon.social — Thu, 30 Apr 2026 15:57:49 GMT

@neil So. Sympathy.

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:57:39 GMT

bencurthoys@mastodon.social — Thu, 30 Apr 2026 15:57:39 GMT

@neil The answer, it turns out, is that the string was being built from a GUID, and their platform serialised the GUID with lowercase hex and mine with uppercase hex, and your eye doesn't notice the case of the letters when looking at hex values, so I couldn't see that they were different.

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:56:13 GMT

bencurthoys@mastodon.social — Thu, 30 Apr 2026 15:56:13 GMT

@neil The best part about debugging anything to do with certificates or encryption or security is that any useful debugging information is a security leak... so you don't get any. Either it works, or it doesn't work and it refuses to tell you why.

Sometimes it's mathematically impossible for it to tell you why. Once I lost more than a day working out why, when I hashed a string, I got a different hash value than was expected, when my hash function returned the same expected value on test data.

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:52:34 GMT

neil@mastodon.neilzone.co.uk — Thu, 30 Apr 2026 15:52:34 GMT

@ColinTheMathmo Certificate Authority

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:51:32 GMT

colinthemathmo@mathstodon.xyz — Thu, 30 Apr 2026 15:51:32 GMT

@neil Two things:

(a) What's a "CA" in this context?

(b) *Sympathy*

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:51:24 GMT

greenskyoverme@ohai.social — Thu, 30 Apr 2026 15:51:24 GMT

@prsfalken thx

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:51:11 GMT

greenskyoverme@ohai.social — Thu, 30 Apr 2026 15:51:11 GMT

@neil thx

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:46:48 GMT

neil@mastodon.neilzone.co.uk — Thu, 30 Apr 2026 15:46:48 GMT

@matthewcroughan

There are some services that I run where I would like TLS, would prefer not to expose them to the Internet, am not keen on moving around Let's Encrypt cert, and would prefer them to be trusted certificates rather than self-signed certificates, to work better on mobile devices.

Also, a fun learning exercise.

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:46:45 GMT

justine@snac.smithies.me.uk — Thu, 30 Apr 2026 15:46:45 GMT

Sending my deepest sympathies to you at these trying times. But letting you know that things will get better.

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:46:34 GMT

seabass@social.seabass.systems — Thu, 30 Apr 2026 15:46:34 GMT

@neil I look forward to the blog post for this one! Sounds like a more challenging project than usual.

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:45:35 GMT

neil@mastodon.neilzone.co.uk — Thu, 30 Apr 2026 15:45:35 GMT

@GreenSkyOverMe Certificate Authority

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:45:06 GMT

graves501@fosstodon.org — Thu, 30 Apr 2026 15:45:06 GMT

@neil Are you doing okay, Neil? Who has a gun pointing at you and telling you to run your own CA? Is it @babe again?

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:42:05 GMT

prsfalken@mastodon.social — Thu, 30 Apr 2026 15:42:05 GMT

@GreenSkyOverMe @neil Something you usually don't selfhost and if you do ... Avoid to mess with

(Certificate authority, if I'm not mistaken)

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:41:44 GMT

brunogirin@mastodon.me.uk — Thu, 30 Apr 2026 15:41:44 GMT

@matthewcroughan @neil
My question exactly. Why?

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:41:28 GMT

9pfs@tilde.zone — Thu, 30 Apr 2026 15:41:28 GMT

@neil good luck!

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:41:15 GMT

9pfs@tilde.zone — Thu, 30 Apr 2026 15:41:15 GMT

@GreenSkyOverMe @neil certificate authority

Reply to Well isn't learning how to run your own CA a lot of fun? on Thu, 30 Apr 2026 15:38:18 GMT

matthewcroughan@social.defenestrate.it — Thu, 30 Apr 2026 15:38:18 GMT

How come you're bothering to do it?