Setting up a certificate authority in simple terms

One way to secure a VPN is to issue digital certificates to handle digital signatures as an authentication method and to distribute encryption keys. But according to many users, setting up a certificate authority, even one that ships with a vendor’s VPN gear, is not always simple.

To address this problem, the VPN Consortium (VPNC) has posted freeware called SimpleCA that anyone can download at https://www.vpnc.org/SimpleCA/ 

The VPNC claims the software is flexible and, as the name suggests, simple to use. While it was intended for vendors to offer to their customers, customers can jump in all by themselves and use it.

VPNC says the software was created so a relatively naïve system administrator could start generating certificates. “The sysadmin can start writing certificates without knowing much,” according to the VPNC, if the admin accepts default settings.

The consortium admits the software doesn’t have all the bells and whistles that commercial certificate authority software contains, but the goal is basic: get customers to use certificates. In the true freeware spirit, the VPNC says it will add more features as users of SimpleCA call for them.

The downloads include instructions on how to build a CA using the free software and further instructions on how to use it. SimpleCA is available for Linux, Windows and FreeBSD devices.

For those who own VPN gear that came with its own CA but never figured out how to use it, this may be a way to ease into it inexpensively if they can spare the time.