Hello

Apparently my original question was completely asinine...

I suppose what I really need help with is creating a CA that is somehow "chained" to a CA from another server ???

+CA - main server
|
+--CA - intermediate server
|
+----Cert signed by intermediate server, used to sign an email

Let's say I have an email server on a host completely different from either server listed above. The mail server listens for incoming smtp mail, only processing messages that were signed by a "valid" CA above.

1) Does the client cert contain any information linking back to the main top level server?
2) (OR) Do I have to maintain a list of all the "valid" CA's on the mail server?
3) How can I create a CA on the intermediate server that is "signed" by the main server?

This is kind-of like an Entrust cert that is below "GTE" in a CA chain.

In my Internet searches for Chained CA's I only retrieve results to other sites that have chained CA's and how to import the chain of trust in the browser/server, etc. but I can't find any documentation with regards to actually creating them.

Thanks!

Waitman

On Wed, 2002-11-27 at 11:32, Waitman C. Gobble, II wrote:
> Hello
>
> I am new to openssl.
>
> I want to set up a system that is multi-tiered, with a master server
> that has a self-created CA, intermediate servers that (possibly) have
> their own CA's and clients that have certificates that are used to sign
> outgoing email (from the client machine).
>
> Basically the system will (probably) NOT have a centralized database to
> authenticate the signatures. The system should allow the intermediate
> servers to distribute certificates to the clients.
>
> However some sort of trust must exist between the bottom client and the
> top master server. All email will pass through the master server and
> only mail from "trusted" sources will be allowed to pass through to
> final destination.
>
> I have an idea in my head and need to work out the details. If you have
> any suggestions or you can refer me to some useful documentation, I
> would greatly appreciate it.
>
> Thanks and Best,

--
Waitman C. Gobble, II <[EMAIL PROTECTED]>
EMK Design
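
The three-tier layout asked about above, as an added example that is not part of the original message: the main server's root signs the intermediate server's CSR with CA:TRUE, the intermediate issues the client's e-mail certificate, and a verifier that trusts only the root accepts the client certificate once the intermediate is supplied alongside it. Subject names, lifetimes, file names and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: root CA -> intermediate CA -> e-mail signing cert.
# All subject names, lifetimes and file names are illustrative assumptions.

build_chain() (   # $1 = existing empty working directory
    cd "$1" || exit 1
    cat > ext.cnf <<'EOF'
[root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[intermediate]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[email]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = emailProtection
EOF
    newreq() {   # $1 = file stem, $2 = subject; writes $1.key and $1.csr
        openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
            -subj "$2" -out "$1.csr" 2>/dev/null
    }
    # Main server: self-signed root, the only trust anchor.
    newreq root "/CN=Example Root CA" &&
    openssl x509 -req -in root.csr -signkey root.key -days 3650 \
        -extfile ext.cnf -extensions root -out root.crt 2>/dev/null &&
    # Intermediate server: its CSR goes to the main server, which signs it
    # with CA:TRUE. pathlen:0 stops it from creating further sub-CAs.
    newreq int "/CN=Example Intermediate CA" &&
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key \
        -CAcreateserial -days 1825 -extfile ext.cnf \
        -extensions intermediate -out int.crt 2>/dev/null &&
    # Client: e-mail signing cert issued by the intermediate, not the root.
    newreq client "/CN=Example Client/emailAddress=client@example.test" &&
    openssl x509 -req -in client.csr -CA int.crt -CAkey int.key \
        -CAcreateserial -days 365 -extfile ext.cnf \
        -extensions email -out client.crt 2>/dev/null
)

# Verifier holding only root.crt; the sender supplies int.crt with the mail.
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" \
        -purpose smimesign "$1/client.crt" >/dev/null 2>&1
}

# Same check without the intermediate: the chain to the root cannot be built.
verify_without_intermediate() {
    openssl verify -CAfile "$1/root.crt" "$1/client.crt" >/dev/null 2>&1
}
```

The client certificate names only its direct issuer (the intermediate); the link to the root is established by walking issuer to subject through the supplied intermediate, so the verifier needs just the root as its trust anchor.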