Sure deal.. I'll incorporate the CA cert., Client cert. generation also.. BTW, I was thinking of removing the "--type" option - are there any objections ?..
-Madhu -----Original Message----- From: Gomez Henri [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 21, 2001 3:30 PM To: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) Cc: '[EMAIL PROTECTED]' Subject: RE: SSL and certficates script En r�ponse � "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <[EMAIL PROTECTED]>: > The script is pretty similar to what we had for Apache 1.3.x.. You can > get > the usage details by "./mkcert.sh --help".. Pl. do let me know if the > Usage > details provided are not sufficient - I'll try to put in more details > there.. I just want to say that this script is a SUPERB tool and everything is present to have the graal of SSL certs. We need a tool to generate : 1) a custom CA cert 2) custom server certs signed with that CA 3) client (browser) certs signed all with that CA What will give Apache 2.0 a decent simple "PKI" and which will be very usefull for small companies... > The creation of a self-signed CA and a certificate are both linked > together > - it can be created by "./mkcert.sh --custom" or "./mkcert.sh > --type=custom".. > > Did you want to just create the self-signed CA certificate only, and > NOT > the > server certificate ?.. If yes, then it's not possible with the current > script.. I'm trying to make it more modular, so that you can have a > mix-n-match of the functions.. > Also, I've changed the layout of the files to a certain extent - the > .csr > files now go into the conf/ssl.crt/ directory itself -if this is not > okay, I > can change it back to go to conf/ssl.csr/ The scripts I sent previously included code to generate the client cert (PKCS12 format). I feel you have now everything to give AP2.0 its own little Cert Agency :))))) Hope you could do that for us :) - Henri Gomez ___[_]____ EMAIL : [EMAIL PROTECTED] (. .) PGP KEY : 697ECEDD ...oOOo..(_)..oOOo... PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
