On Thu, Mar 22, 2007 at 09:14:32PM +0100, Mladen Turk wrote:
> Guenter Knauf wrote:
> >Hi,
> >>Should we add a cert-creation .sh and .vbs script to support/ for this
> >>purpose (on any platform)? Sounds like a great idea to me!
> >+1 from me.
> >If you find my vbs useful then I will contribute it.
>
> I've spent a good time to find at least something working;
>
> Drop an eye on:
> http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/examples/mkcerts?view=markup

- auto-generating dummy certs which claim to be issued by or to the ASF
  doesn't seem like a good idea at all
- the only hostnames referenced should be `hostname` or localhost; this
  uses some "localhost.edu" in a few places
- it's also a good idea to set a pseudo-random serial number on issued
  certs, e.g. use $RANDOM where available, fall back on $$/$PPID etc
- also particularly odd to encrypt the file storing the private key

joe
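
The review points above as a shell helper (an added example, not code from this thread or from the mkcerts script): the subject names only `hostname` or localhost, the serial comes from $RANDOM with a $$/$PPID fallback, and the key file is written unencrypted. The function names and the dummy.key/dummy.crt file names are hypothetical.

```shell
#!/bin/sh
# Added example; pick_serial, cert_subject and make_dummy_cert are
# hypothetical names, not taken from mkcerts.

# Pseudo-random positive serial: $RANDOM where the shell provides it,
# otherwise a value derived from the PID ($$) and parent PID ($PPID).
pick_serial() {
    if [ -n "${RANDOM:-}" ]; then
        echo $(( RANDOM * 32768 + RANDOM + 1 ))
    else
        echo $(( ($$ * 65536 + ${PPID:-1}) % 2147483647 + 1 ))
    fi
}

# Subject carries only this machine's name, or localhost if it cannot
# be determined. No organisation is claimed as issuer or subject.
cert_subject() {
    name=$(hostname 2>/dev/null) || name=
    echo "/CN=${name:-localhost}"
}

# Self-signed dummy cert for local testing. -nodes writes the private
# key unencrypted; umask 077 keeps the file readable by its owner only
# (the umask is a choice made for this example).
make_dummy_cert() {
    dir=${1:-.}
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
          -subj "$(cert_subject)" -set_serial "$(pick_serial)" \
          -keyout "$dir/dummy.key" -out "$dir/dummy.crt" )
}

# Generate only when asked: sh thisfile generate [output-dir]
if [ "${1:-}" = "generate" ]; then
    make_dummy_cert "${2:-.}"
fi
```

The result can be checked with `openssl x509 -in dummy.crt -noout -subject -issuer -serial`.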