This tutorial is a very good start, however, I have a couple suggestions. 1) Add more verbiage in the configuration files. I suggest pretending you're talking to a bright undergraduate student who knows nothing of either PKI or Openssl. That is, be a bit more pedantic in the presention of the material, and more exhaustive in the coverage of the material of interest. You have, after all, assumed the role of an educator, and that involves a different style of presentation from what you'd produce for an old pro. 2) Openssl is rarely used in a vacuum. Somehow, a user's email software has to be told about the user's email certificate. Similarly, a client side certificate for TLS has to be used within the user's browser, and the server has to both ask for it, and determine whether or not the certificate received is acceptable. And then there is the question of distributing certificates. For example, one use case will be to support requesting a clint side certificate over the web, with forms presenting a series of challenges and taking responses (and/or single use passwords), to create the request within the user's browser, and then the server has to take that request and produce and return the certificate. Such an example would need a number of CGI scripts, perhaps written in Perl, that check the data received and, depending on whether or not there is a problem, create the certificate and send it back. There woud also likely be a need to deal with the configuration, for example, of Apache's httpd server (or MS' IIS). Back when I was teaching, e.g. C++, I'd present the idea of functional requirements early, and always relate the code thestudents were learning to write back to functional requirements. So, in addition to the details of C++ syntax, the students would also learn something of UML modelling, requirements engineering, and a few common functional requirements either in scientific applications or business applications. As a former educator, I'd suggest it is just as important to treat why you do what you do, and how your work fits with the rest of your organizations needs as it is to show what to do.
Keep up the good work. Cheers Ted On Mon, Dec 17, 2012 at 9:23 AM, Stefan H. Holek <ste...@epy.co.at> wrote: > Hi All! > > I have been working on an OpenSSL PKI tutorial, and the time has come > where I would like to solicit feedback from the community. The tutorial > takes a somewhat novel approach without ever referring to openssl.cnf or > CA.pl (yuck). You can find it here: > > https://pki-tutorial.readthedocs.org/ > > I am particularily interested in three things: > > a) Is there anything blatantly wrong? > b) What do you think about the configuration files? > c) Would you like to see more examples added? > > Feel free to open tickets in the issue tracker [1] or just reply to the > list. > > Thank you, > Stefan > > [1] https://bitbucket.org/stefanholek/pki-tutorial/issues > > -- > Stefan H. Holek > ste...@epy.co.at > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- R.E.(Ted) Byers, Ph.D.,Ed.D. t...@merchantservicecorp.com CTO Merchant Services Corp. 17665 Leslie st., unit 30 Newmarket , Ontario L3Y 3E3