We use Certificate Authorities indirectly every day while checking webmail, giving minimal thought to the authenticity of the page we’re reading from. Moxie Marlinspike talked about the flaws in the current trust in root CAs at BlackHat USA 2011. While flawed, certificate authorities can still be incredibly useful on a private level. Certificates can be used to authenticate users to VPNs, sign emails between users and organizations using S/MIME, and enhance or substitute for password logins on websites, among other uses.
In my frustration while attempting to create and manage CAs for some of the above-mentioned purposes, I decided to fork and enhance the CA.sh script that OpenSSL ships with. I am currently working on fixing bugs and adding better error checking, extra features, and better usability. I have dubbed the CA.sh fork psyCA, and it has no dependencies except for OpenSSL and a POSIX shell.
Installation: installing the script consists of cloning the git repository and making the script executable:

    git clone git://github.com/psych0tik/psyCA.git
    chmod +x psyCA/CA.sh
If you would like to contribute changes to the script or the default openssl.cnf, please fork our repository and send us pull requests if you’re a GitHub user, or email your patches to me or the psych0tik-list mailing list if you’re not.