{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 仙女界的扛把子 的问题《Custom SSL Certificate Authority?》','https://www.manongdao.com/q-596726.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Is there a custom SSL certificate authority I can add to my browser?
We use lots of internal urls like
http://www.somproject.somebranch/ for working on individual branches
It would be cool if there was some service I could add to my browser/OS which would let me use a single cert (or easily generate certs) for non-real domains. Does this exist, or is this just a #firstworldproblem?
The point of a custom CA is that you have to create it yourself (by being the holder of the private key for the CA certificate, in particular). Importing just any available CA certificate into your browser would mean that anyone with its private key could issue certificates recognised by your browser (usually for any site, unless there is a specific policy).
There are a few tools to manage a CA:
CA.pl: it's a script that comes with OpenSSL. It's quite basic but highly configurable (viaopenssl.cnf).CA.pl.Most of the hard work is the administrative part (not so much sysadmin, but paperwork) in general. If it's just for you, EJBCA or OpenCA might be overkill.