Tuesday, June 10, 2025

Project #34 - Creating a Certificate Authority for the HomeLab Infrastructure

For a long time I have needed to create a Certificate Authority so that I will no longer be using self-signed certificates and simply avoiding the checks on various equipment. This needs to change so that it provides a measure of security in the HomeLab that makes sense.

There have been a number of articles about the creation of a Certificate Authority; however, one in particular seems to be the one that I could use best. The reason is that it provides intermediate certificate authorities. That article is at https://jamielinux.com/docs/openssl-certificate-authority/index.html. I have made a PDF of that site to work its magic.

Obviously, this will require me to make some modifications to make it easier to accomplish, such as using some scripts for the process. I might also make use of an ACME-like internal Certificate Authority to automatically update the certificates. Note that this is in addition to the certificates already created in the Tailscale VPN implementation.

Trying to Get Back into the Groove of HomeLab

I admit it, I have been relaxed in updating this blog. Lately it's been because of the death of an immediate member of my family and the birth of another. So, I have been experiencing the lows and highs of emotion. However, I intend to get back on task since I need to have a focus area.

I intend to revisit the projects that I have not completed: dropping some, attacking the remainder, and coming up with new projects to keep the entry into HomeLab fully up to date. I think that I will focus on three things:

  • Setting up a certificate authority/creation process so that all infrastructure is encrypted
  • Setting up a NAS for my HomeLab
  • Setting up PiHole so that I can use its features to start removing ads

Since I have the PiHole located in the Living Room, I will start there by connecting the PiHole to the FLINT router.  I am still going to use the DHCP server on the FLINT but may cause the DNS to come from the PiHole.