[Ach] Help: Creating my own certificates for my own server

Torge Riedel torgeriedel at gmx.de
Wed Nov 12 20:01:40 CET 2014



- My own server
- Don't want to buy a cert, since server is in use only for my own "services" used by my family and me
- The server hosts some web sites using apache (<mydomain>.de, www.<mydomain>.de, <subdomain1>.<mydomain>.de, <subdomain2>.<mydomain>.de, ...)
- My own mail service (postfix, dovecot)

At the beginning I created my own root cert, certs for each service, ...
I learned from bettercrypto.org, from talking to others and from checking my server with several tools that this was not a good decision.

First: The cert was created using SHA1, which is reported as weak.
Second: Creating my own root cert may be a security risk due to MITM attacks if all users of my services add it to their trust list.

Please help or give hints: what is the best practice for creating the cert(s) in this scenario?

Thanks in advance
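
The setup described above, as an added example that is not part of the original post or of bettercrypto.org's material: a private root CA that signs with SHA-256 instead of SHA1 and carries a critical nameConstraints extension, so that anyone who imports the root only trusts it for the poster's own domain and its subdomains. That narrows the MITM exposure raised in the second point: even a stolen CA key cannot produce a certificate for another site that a constraint-honouring client accepts. The names `mydomain.example` and `mail.mydomain.example` are placeholders for `<mydomain>.de` and its subdomains; the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original post: a small private CA that issues
# one SHA-256 server certificate covering several host names, then checks the
# result. "mydomain.example" stands in for the poster's <mydomain>.de.
set -eu

WORK="${WORK:-$(mktemp -d)}"
DOMAIN="${DOMAIN:-mydomain.example}"

# Root CA: SHA-256 signature, CA:TRUE with pathlen 0, and a critical
# nameConstraints extension so the root can only vouch for $DOMAIN and its
# subdomains. A client that trusts this root is therefore not exposed to
# certificates for other sites if the CA key is ever misused.
make_root_ca() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
    -out "$WORK/ca.key" 2>/dev/null
  cat > "$WORK/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Private CA for $DOMAIN
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:$DOMAIN
EOF
  openssl req -new -x509 -sha256 -days 3650 -key "$WORK/ca.key" \
    -config "$WORK/ca.cnf" -out "$WORK/ca.crt"
}

# Issue a server certificate: $1 is the file prefix, $2 a comma-separated SAN
# list such as "DNS:a.example,DNS:b.example". One certificate listing every
# host name can serve apache, postfix and dovecot on the same machine.
issue_server_cert() {
  name="$1"; sans="$2"
  cn="${sans%%,*}"; cn="${cn#DNS:}"   # first SAN doubles as the subject CN
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/$name.key" 2>/dev/null
  cat > "$WORK/$name.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $cn
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $sans
EOF
  openssl req -new -sha256 -key "$WORK/$name.key" \
    -config "$WORK/$name.cnf" -out "$WORK/$name.csr"
  openssl x509 -req -sha256 -days 825 -in "$WORK/$name.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/$name.cnf" -extensions v3_server \
    -out "$WORK/$name.crt" 2>/dev/null
}

# Signature algorithm of a PEM certificate, e.g. sha256WithRSAEncryption.
# The post's original certificates would have shown sha1WithRSAEncryption.
sig_algorithm() {
  openssl x509 -in "$1" -noout -text \
    | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# Verify certificate "$1" against the private root for host name "$2".
# Prints OK or FAIL rather than exiting, so both outcomes can be inspected.
verify_host() {
  if openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$2" \
       "$WORK/$1.crt" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

make_root_ca
issue_server_cert server "DNS:$DOMAIN,DNS:www.$DOMAIN,DNS:mail.$DOMAIN"
# A certificate for a name outside $DOMAIN: the CA key can sign it, but the
# name constraint makes a verifier that honours the extension reject it.
issue_server_cert outsider "DNS:other.example"

echo "root CA signed with:     $(sig_algorithm "$WORK/ca.crt")"
echo "server cert signed with: $(sig_algorithm "$WORK/server.crt")"
echo "www.$DOMAIN:  $(verify_host server "www.$DOMAIN")"
echo "other.example:          $(verify_host outsider other.example)"
```

The files end up in a temporary directory (override `WORK` to keep them): `server.key` and `server.crt` go into the apache, postfix and dovecot configurations, and `ca.crt` is the single file family members import. OpenSSL's own verifier honours the name constraint, as the last check shows; whether every browser and mail client in use does the same is worth testing with the actual clients before relying on it.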

