Deutsch | English

[Ach] Help: Creating my own certificates for my own server

Torge Riedel torgeriedel at
Wed Nov 12 20:01:40 CET 2014



- My own server
- Don't want to buy a cert, since server is in use only for my own "services" used by my family and me
- The server hosts some web sites using apache (<mydomain>.de, www.<mydomain>.de, <subdomain1>.<mydomain>.de, <subdomain2>.<mydomain>.de, ...)
- My own mail service (postfix, dovecot)

At the beginning I created my own root cert, certs for each service, ...
As I learned from, talking to others and checking my server with several tools, that this was not a good decision.

First: The cert was created using SHA1 which is reported as weak.
Second: Creating an own root cert may be a security risk due to MITM attacks if all users of my services will add it to the trust list.

Please help or give hints, what is the best practice to create the cert(s) in this scenario.

Thanks in advance

More information about the Ach mailing list
Tel.: +43 1 5056416 78
mehr ...
mehr ...
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung