Many thanks, I now have my client application speaking to my Apache server and exchanging the certificates correctly. However, I am now trying to get the server to authenticate the client certificate. I understand that I can use an RCL file, but do not know how to get all the required certificate information into this file. If anyone has done this or can point me in the right direction I would be grateful. regards Andy Griffin Dr Stephen Henson wrote: > Andrew Griffin wrote: > > > > Hi, > > > > I've been trying to create my own Certificate Authority for testing > > purposes. I have created everything I need in oder to run the sign.sh > > script, however I do not have this script and can't figure out what > > parameters I need to pass to openssl ca. Can anyone shed some light on > > this. > > > > I have created a server key, agserver.key > > a server csr file agserver.csr > > a CA key agca.key > > and a CA crt file agca.crt. > > > > Well I wasn't going to mention this just yet but... > > I said some time ago that I was working on some documentation for the > openssl command. Well I've got the main commands done including the "big > three" (ca, x509 and req). It doesn't currently include the "even bigger > one" i.e. pkcs12 but thats documented elsewhere. > > The docs are currenly in POD format and look like Unix man pages: I'll > add them to them CVS tree in the next few days. Anyone that wants to > reformat them, make them look pretty, correct horrible grammar and > spelling should feel free to do so. I was more interested in getting the > basic info documented than anything else. > > I also learnt quite a few things I didn't know usually on the grounds of > "it doesn't *really* do that does it?" :-) > > In the meantime the scripts CA.pl and CA.sh call 'ca' with the right > arguments and theres some examples in my PKCS#12 FAQ (see homepage) > about how to use them. > > Steve. > -- > Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ > Personal Email: [EMAIL PROTECTED] > Senior crypto engineer, Celo Communications: http://www.celocom.com/ > Core developer of the OpenSSL project: http://www.openssl.org/ > Business Email: [EMAIL PROTECTED] PGP key: via homepage. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED]
begin:vcard n:Griffin;Andrew tel;home:0018 9722935 tel;work:0118 9245580 x-mozilla-html:FALSE adr:;;;;;; version:2.1 email;internet:[EMAIL PROTECTED] note:IMAP://ims1.uk.oracle.com?fetch>UID>/Personal>183&part=1.2 x-mozilla-cpt:;-25280 fn:Andrew Griffin end:vcard
