Re: make certificate not working

Tue, 25 Apr 2000 03:08:39 -0700

Title: Re: make certificate not working
on 24/4/00 4:03 AM, [EMAIL PROTECTED] at [EMAIL PROTECTED] wrote:

Thanx to every one who provided tips on openssl. Special thanx to Steven Wold for taking me out of the dark and showing me the key and csr commands.
Well I worked around make certificate by using tips I got from Steven and openssl doc's <http://www.openssl.org/doc/apps/openssl.html> . I used the rpm's from ftp.zedz.net <ftp://ftp.zedz.net>  to install apache-ssl with openssl so using make cert was really useless.
Here are the command that I used to create keys, csr's and cert's
  1. Change directory into the target directory then type openssl. You will see a command prompt  like this: "openssl>".
  2. Type "genrsa -des3 -out server.key 1024". Watch your system make a key. Nice!
  3. Type "req -new -key server.key -out server.csr". Be ready to answer the questions in /var/ssl/openssl.conf. For common name be sure to type the name of your site. Like so: www.yourdomaine.com <http://www.yourdomaine.com>  or http://servername.domainename.com depending on the site name as long as it is a fully qualified domain name. It's is easy so don't worry.
  4. To make my cert's I used "req -x509 -key server.key -in server.csr -out server.crt".

Try the scripts that I compiled/edit/written. It is  'ssl.ca-0.1.tar.gz". I have uploaded it to modssl contrib section. Or you can download from here,

   http://www.md.com.my/pub/linux/md/ssl.ca-0.1.tar.gz

The script will show you how to create Root CA, Server Cert and User Cert. I also include the SXNet ID usage but not been utilitized yet.

I hope there is a web based certificate request, signing, etc thing availabe under GNU licensing. I will join that development if there is one and time allows. If not, I am thinking to start one. I will use plain C and standard CGI. If you are more experience in doing this, please advise.

Thanks.


______________________________________________________________________
Yeak Nai Siew      [NIC:NY628] << Mac OS Forever >> << Linux Forever>>
([EMAIL PROTECTED] | [EMAIL PROTECTED])                  http://www.md.com.my/
e-certificate      http://www.brainbench.com/transcript.jsp?pid=120196
ICQ#: 13391181                                Chief Technology Officer

Reply via email to