SSL certificates

[Kevin Druet]

I have compiled the source to include SSL support and am reading the installation notes, and seem to be confused.

Exactly what does this mean ?

"To create your freevsd certificate authority run a short script using the following command

$ /usr/sbin/vsd-genca.pl

Follow the Instructions on the screen and when prompted for information accept the default values."

My first Question is regarding the default values, so do I not put the relevant information in regarding country and so on ? and why  not ?

"To create certificates for the hosting server to communicate via SSL run another short script using the following command:

$/usr/sbin/vsd-genhostcert.pl

Follow the instructions on the screen as before. It is important that during the generation of the first certificate the common name is entered as the host server's name and that during the generation of the second certificate (the <root> certificate) the common name is entered as <root>."

This is the most confusing, am I to understand that when I go through the generation of the cert, that I would use calinux2 (the host server) for the first common name entry then when the second cert is being generated I enter <root>  in the place of the common name ?

assuming that I am supposed to use <root>  typed exactly as that and not interpreted to mean anything other then <root> something is not working for me.

I have gone through process of creating the VS cert by running the vsd-genvscert.pl script,

vsd-genvscert.pl calinux6

I then go through and enter the information

then I do,

vsdadm vs_create calinux2 calinux6 64.59.141.167 calinux6.calinuxsystems.com 3000 2000 

I am then presented with an error message similar to the one in the installation instructions,

error:02001002:system library:fopen: No such file or directory: (/usr/local/etc/vsd/client/calinux2/root.key)

I read the manual a little further and learn that this is the result of an inappropriate key generation, but what did I do wrong ? and further to this, with out the key generation complete I cant create VS's ?


Further to the use of pre built skels, I believe that when they were created, either the "-p" switch was not used during the tar process to preserve perms or  some other permissions issue is at hand, it seems that many many files and so on have the wrong permissions and as a result render the skels fairly useless.

Regards
Kevin Druet
CIO CA Linux Systems