Hi, I thank you for the info that you kindly sent me. You say as follows:
> kiwi.crt www.kiwi.com certificate (sent with SSL requests)
This was taken from your mail and I don't understand what you mean by
"sent with SSL requests". At that point, you have kiwi's certificate created
by your CA; how do you send it back to kiwi's server, and how did kiwi send
you its CSR? The process of sending is what I don't know how to do. Please
help me.
Regarding my original question, I don't have a CRL in my CA installation.
Can I just create a file and name it ca.crl, or did something go wrong in
my setup? And finally, how can I revoke a certificate? Please help me.
Thanks.
Juan Carlos Albores Aguilar
----- Original Message -----
From: "Owen Boyle" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 24, 2001 2:31 AM
Subject: Re: No CRL
> Juan Carlos Albores Aguilar wrote:
> >
> > I have a system with apache and modssl 2.6 and I've created my own CA
> > but I don't find the CRL. As I've read, I should have a ca.crl file,
> > which I don't have. Should I create it, or is something wrong with my
> > setup? Please help me, thanks.
>
> Here are my notes from when I made self-signed certificates for my
> set-up. I hope this helps.
>
> Rgds,
>
> Owen Boyle.
>
>
> Making self signed certificates:
> ++++++++++++++++++++++++++++++++
>
> NB: These certificates contain no pass-phrase so do not need user input
> when you start apache. Also, can be used by any server...
>
> 1) Make a random data file and set it up as $RANDFILE
>
> # cd /home/apache/ssl/certs
> # PATH=$PATH:/home/apache/bin
> # export PATH
> # cp /var/cron/olog temp
> # gzip temp
> # mv temp.gz random_data
> # RANDFILE=/home/apache/ssl/certs/random_data
> # export RANDFILE
>
> 2) Create an RSA private key and certificate for our Certificate
> Authority
>
> # openssl genrsa -des3 -out ca.key 1024
> password is "CA_PASSWORD"
> Now make the certificate using the private key.
> # openssl req -new -x509 -days 365 -key ca.key -out ca.crt
>
> 3) Now make a Certificate Signing Request for www.kiwi.com
>
> # openssl genrsa -des3 -out kiwi.key 1024
> # openssl rsa -in kiwi.key -out banana
> # mv banana kiwi.key
> # openssl req -new -key kiwi.key -out kiwi.csr
>
> 4) And sign it
>
> # ./sign.sh kiwi.csr
>
> Now we have
>
> ca.crt        Certificate Authority certificate
> ca.db.certs   ) CA databases, holding
> ca.db.index   ) details of certificates
> ca.db.serial  ) issued
> ca.key        Certificate Authority private key
> random_data   for random routines
> sign.sh       script for signing certificates
> kiwi.crt      www.kiwi.com certificate (sent with SSL requests)
> kiwi.csr      KIWI certificate signing request (not really needed anymore)
> kiwi.key      www.kiwi.com private key (decrypts public-key encoded messages)
>
> - summary of commands
>
> # openssl genrsa -des3 -out www.kiwi.com.key 1024
> # openssl rsa -in www.kiwi.com.key -out banana
> # mv banana www.kiwi.com.key
> # openssl req -new -key www.kiwi.com.key -out www.kiwi.com.csr
> # ./sign.sh www.kiwi.com.csr
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
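
Added example, not part of either message and not the mod_ssl project's sign.sh: the revocation flow the question above asks about, run against a throwaway CA laid out like the one in the quoted notes. The ca.cnf file, the "Demo CA" subject, the unencrypted 2048-bit keys and all function names are assumptions made for the illustration.

```shell
# Added example: throwaway CA in a temp dir. File names follow the thread; ca.cnf,
# "Demo CA", unencrypted 2048-bit keys and every function name are assumptions.
set -eu

write_ca_config() {
    mkdir -p ca.db.certs && : > ca.db.index && echo 01 > ca.db.serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = demo_ca
[ demo_ca ]
new_certs_dir = ./ca.db.certs
database = ./ca.db.index
serial = ./ca.db.serial
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
}
make_ca_and_cert() {
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -config ca.cnf -new -x509 -days 365 -key ca.key -subj "/CN=Demo CA" -out ca.crt &&
    openssl genrsa -out kiwi.key 2048 2>/dev/null &&
    openssl req -config ca.cnf -new -key kiwi.key -subj "/CN=www.kiwi.com" -out kiwi.csr &&
    openssl ca -config ca.cnf -batch -in kiwi.csr -out kiwi.crt 2>/dev/null
}

# ca.crl is not hand-made: it is a list signed with ca.key, rebuilt from ca.db.index.
publish_crl() { openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null; }
revoke_cert() { openssl ca -config ca.cnf -revoke "$1" 2>/dev/null && publish_crl; }

# Prints good, revoked or error for a certificate checked against ca.crt plus ca.crl.
cert_status() {
    out=$(openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl "$1" 2>&1) || true
    case $out in *': OK'*) echo good;; *'certificate revoked'*) echo revoked;; *) echo error;; esac
}

demo() (
    dir=$(mktemp -d) && cd "$dir" && write_ca_config && make_ca_and_cert && publish_crl &&
        before=$(cert_status kiwi.crt) && revoke_cert kiwi.crt &&
        echo "before=$before after=$(cert_status kiwi.crt)"
    rc=$?; rm -rf "$dir"; exit "$rc"
)
demo
```

The first `publish_crl` call produces a valid CRL with no entries, which is what a freshly built CA is missing. mod_ssl reads such a file through its SSLCARevocationFile directive when it verifies client certificates.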