Home brew PKI

Welcome to the nissle.ch certification authority (CA), a Public Key Infrastructure (PKI) based on openssl.

This public key infrastructure (PKI) is mainly operated to encrypt mail and control access to my internal servers (https or vpn).

First of all you need to trust my root CA. Download the DER file containing the root CA and install it.

CA certificate (DER format) »

Install the certificate revocation list (CRL) to ensure you deal only with valid certificates. There is a DER CRL format and a PEM CRL format. Use the DER CRL by default and only if it is not working use the PEM one (this is depending on your operating system, browser, ...).

Revocation list (DER format) »

To request now your own certificate:

Chrome, Firefox, Safari, Opera generate certificate request »

Or fill out this form for Microsoft Internet Explorer. You will receive an email a few days later with your valid cerificate, if your identity could be checked.

To renew your certificate, just e-mail your certificate public key (or the certification ID) and you will receive by mail your renewed certificate.

There is a detailed description how to set up such a CA solution, please read this document (PDF).

For further information please visit Yet Another PKI - YAPKI, hosted by yafra.org

Some public keys:

Martin's Public Key »