PKI & TLS Security Lab

Organizations rely on certificates to establish trust between systems, encrypt traffic, and secure applications. I wanted to understand how certificates are created, issued, trusted, and managed, so I built a local PKI environment.

Technologies Used: PKI, TLS/HTTPS, X.509 Certificates, Certificate Lifecycle concepts, OpenSSL, Local HTTP Server

Built a local Public Key Infrastructure (PKI) lab to simulate certificate issuance and secure communication workflows. Implemented a custom Certificate Authority, generated and signed certificates, deployed HTTPS locally, and validated trust relationships to gain hands-on experience with certificate lifecycle management and TLS security.

Key Features:

  • Root CA creation

  • Private key generation

  • CSR creation and signing

  • Local HTTPS deployment

  • Certificate trust validation

  • TLS encryption testing

  • Certificate lifecycle concepts

  • Terminal-based administration

Architecture:

  • Root Certificate CA (Trusted Authority)

    • Signs certificate

  • Server Certificate + Private Key

    • Enables HTTPS

  • Local HTTPS Server (localhost)

    • Encrypted TLS Traffic

  • Browser / Client Certificate Verification
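
The issuance and verification flow in the architecture above, sketched with OpenSSL as an added example (these are not the lab's own commands). It assumes OpenSSL 1.1.1 or later on the PATH; the function names, file names, subjects and lifetimes are all constructed for illustration.

```bash
# Added example: all file names, subjects and lifetimes below are constructed.
set -eu
build_lab() {   # $1 = empty working directory
  d=$1
  # One config holds both extension profiles; -subj overrides the placeholder DN.
  cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:localhost,IP:127.0.0.1
EOF
  # Root CA: private key plus self-signed certificate (the trust anchor).
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/ca.key" -sha256 -days 365 -config "$d/lab.cnf" \
    -extensions v3_ca -subj "/CN=Lab Root CA" -out "$d/ca.crt"
  # Server identity: its own key, and a CSR that carries only the public key.
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null
  openssl req -new -key "$d/server.key" -config "$d/lab.cnf" \
    -subj "/CN=localhost" -out "$d/server.csr"
  # CA signs the CSR; the SAN comes from the CA-side profile, not from the CSR.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$d/lab.cnf" \
    -extensions v3_server -out "$d/server.crt" 2>/dev/null
}

# What a client checks: chain up to a trusted root, and name match against the SAN.
verify_for() {  # $1 = lab dir, $2 = hostname, $3 = trust anchor (default: lab root)
  openssl verify -CAfile "${3:-$1/ca.crt}" -verify_hostname "$2" \
    "$1/server.crt" >/dev/null 2>&1
}

# The certificate is only usable with the private key matching its public key.
key_matches() { # $1 = lab dir
  [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$1/server.key" -pubout)" ]
}

LAB=$(mktemp -d); build_lab "$LAB"
verify_for "$LAB" localhost && key_matches "$LAB" && echo "trusted for localhost"
```

Passing a different root as the third argument to `verify_for`, or a hostname that is not in the SAN, makes verification fail, which is the same decision a browser makes before it shows the padlock.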

Challenges & Solutions

  • Establishing trusted HTTPS communication through signed TLS certificates

  • Generating and managing server identity using Certificate Signing Requests (CSR)

  • Validating browser trust relationships through certificate verification

  • Troubleshooting local HTTPS and certificate configuration issues

What I Learned

  • How PKI establishes trust between systems

  • How TLS certificates are issued and validated

  • Why certificate lifecycle management matters

Future Improvements

  • Automate certificate issuance workflows

  • Build certificate expiration monitoring

  • Integrate with AWS certificate services

  • Explore Microsoft AD CS and enterprise CLM

  • Add Python automation for certificate provisioning