About
Memeoutpost.org certificate authority is a private certificate authority that issues end-entity X509v3 certificates. You can request any type of end-entity certificate. It can be a client certificate, code signing certificate, server certificate, etc. When you are creating the CSR, just make sure to pass the x509v3 extensions that you want to use. When you create the CSR, send it over to me at chriswmorris@protonmail.ch.

Since this is not a public CA, you will have to manually trust this CA in your trust store for your device or browser. We reccomend to trust the Root CA. Here is how you can trust the Root CA for various devices: Firefox and Chrome, Windows, Ubuntu Linux

A good way to decode these certificates if you wish to view their details is to use OpenSSL or Decoder.link. With OpenSSL, the command is:

openssl x509 -in memeoutpost-root-ca.pem -noout -text

Secure your stuff with us! :)
-Chris







How to Request a Certificate

1) Create a Private Key

You will need to generate a private key. There's a ton of different algorithms you can use. For this example, I'm just going to use RSA to keep things simple. If you want to use EC, go for it. Please note that in this example, I'm going to use openssl to generate the private key.


This will create an AES-256 wrapped RSA-2048 private key.

openssl genrsa -aes256 -out privatekey.pem 2048

If you would like to generate a plaintext private key, just omit the -aes256 parameter

openssl genrsa -out privatekey.pem 2048


2) Create a CSR


This will create the actual CSR

openssl req -new -sha256 -key my -out myrequest.csr

Then, just to confirm the details, you can decode it with this command

openssl req -noout -text -in myrequest.csr

3) Validate your Domain


In order to prove that you own a domain, please paste in this TXT record in your DNS records. If this is not for a domain, you will have to prove your identity to me somehow.

"Memeoutpost.org Rocks"

An example of this can be found when querying Memeoutpost.org, like so...

dig memeoutpost.org txt

The output should look like this...

;; QUESTION SECTION:
;memeoutpost.org. IN TXT

;; ANSWER SECTION:
memeoutpost.org. 54 IN TXT "Memeoutpost.org Rocks!"


4) Send the CSR to your boi, Chris

Just like it says, send the CSR to me -> chriswmorris@protonmail.ch
I'll review it and sign it if it looks gucci. I will also check your dns records to see if the TXT record is in your domain.