Certificate Authority

Overview

Oasys Certificate Authority

Oasys uses a private Certificate Authority (CA) to issue TLS certificates for internal services. The CA allows trusted HTTPS access across the network without relying on external certificate providers.

Purpose

Provide secure HTTPS for all internal domains
Support wildcard and service-specific certificates
Avoid browser warnings by distributing the root certificate to client devices
Maintain full control over certificate lifecycle and revocation

CA Structure

Root CA – Offline; used only to sign the Intermediate CA
Intermediate CA – Issues server certificates for internal services
Certificates follow standard X.509 specifications

Internal Domain Strategy

Wildcard certificate is used for the all private domains (*.oasys.cc) and mapped using internal DNS.

Trust Distribution

To ensure secure access without certificate errors, the root CA certificate is manually installed on trusted devices, including:

Workstations (macOS, Windows, Linux)
Mobile devices (iOS, Android)
Virtual machines and containers where required

Renewal and Revocation

Certificates will have a validity of 5 years

Backup and Security

Root key stored offline with encrypted backups
Intermediate and server keys restricted to minimal-access storage
Documentation maintained for recovery procedures

Edit this pageorReport an issue

Inventory

An inventory of all the hardware and software in Oasys

Root CA

Steps to setup the Root CA