Introduction
Digital Certificates are needed everywhere in today's world. They are used to enable SSL-protected web traffic, e-mail encryption and other technologies.
To get a digital certificate, you'll either have to order one from a commercial provider such as Verisign who usually charges $$$, or you have to install, configure and run your own certificate authority. This costs also $$ and, at the very least is something more you need to learn and manage, which is time and resource consuming. Often we don't need the extensive functionality and complexity of a full CA management system with its distributed structure, separation of requestor and signer and the database structures to manage it all.
For these reasons I wrote WebCert as a lightweight self-service application. It allows me to quickly generate certificates on my own, and to enable my colleagues without knowledge of the details to do so as well. The first version became an instant hit with over 300 certificate generations per year. It encouraged me to improve it to the version you see here.
WebCert is using the OpenSSL libraries for certificate operations. It is not just a frontend to the OpenSSL program, but independently written. It only requires standard C libraries, the OpenSSL libraries and the CGIC library from Thomas Boutell. No, you don't need to maintain any of the web-application enabling technologies like JSP, PHP, Phyton... and no database is required, either. WebCert is using simple CGI technology for easiest installation and maintenance.
External Dependencies:
- Thomas Boutell's CGIC library, see http://www.boutell.com/cgic/
- OpenSSL libary and headers, see http://www.openssl.org/
Configuration
Apart from the Makefiles in the root and src/ dirextories, check the file webcert.h in the src/ directory. The upper section can be configured to set the URL location and the default webcert parameters.
Making and installing WebCert
- vi Makefile and src/Makefile to adjust various path's for cgi and html destinations and ssl include and library directories
- vi src/webcert.h to adjust the path's for your webserver and cert store (if you have one - for listing of local certificate copies)
- vi src/certsign.h if you want to adjust certificate properties such as lifetime, extensions, comments, etc\
- make && make install
- The application is expected to be accessed via URL http://
/webcert. - don't forget to enable the cgi directory in your webserver, i.e. in apache's httpd.conf add the line: ScriptAlias /webcert/cgi-bin/ "/var/apache/htdocs/webcert/cgi-bin/"
A more complete installation procedure is here.
Security
It is highly adviseable to provide access control and SSL encryption to the WebCert interface for any use other then experimental. The webserver writeable certificate and export directory should be secured (i.e. by a Apache
Copyright and License
WebCert was written by Frank4DD. It is distributed under the GPL. Anybody may reproduce it, use it, send it, print it, transfer on a T-shirt, etc. without modifying its content or removing the copyright.
Legal Disclaimer
Of course this software and its created certificates come WITHOUT ANY WARRANTY.
Thanks and Credits
- to Thomas Boutell for providing the CGIC library
- to the authors of O'Reilly's book "Network Security with OpenSSL", who provided a guiding "light" in the OpenSSL jungle. to the authors of OpenSSL, whose code ensures that only the true & dedicated will learn its power ;-)
CGIC, copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Thomas Boutell and Boutell.Com, Inc.. Permission is granted to use CGIC in any application, commercial or noncommercial, at no cost. HOWEVER, this copyright paragraph must appear on a "credits" page accessible in the public online and offline documentation of the program. Modified versions of the CGIC library should not be distributed without the attachment of a clear statement regarding the author of the modifications, and this notice may in no case be removed. Modifications may also be submitted to the author for inclusion in the main CGIC distribution.
Enjoy WebCert!
Contact and Appreciation
Please send your comments and complaints to support[at]frank4dd.com and be patient with me for a response.
If you want to do something really nice and encouraging besides just saying "Thanks", send me a photo picture of the area you are living in, either your town, your work, local sights or of your neighborhood. I enjoy collecting pictures from all over the world, and maybe I'll start a gallery.