In my server setup for my home office/lab...I have a self-signed CA, which signs certificates for the principals in my network (servers and users).
I think this is more what you want...a self-signed CA only.
When doing ssl auth, or smime/etc. it's much easier to just have your users import your self-signed ca cert just once and then everything else is all good/accepted.
Check out the numerous perl ssl routines on cpan. Here's a perl intf to openssl:
http://search.cpan.org/~madwolf/OpenCA-OpenSSL-0.9.91/OpenSSL.pod
The above states that it is merely a command-line intf to openssl (via perl of course). The apis look quite simple.
cheers,
mike
Rob Patrick wrote:
Found a solution in the list archives from last month.
http://www.moser-willi.at/doc/howto/docs/AutoSSL/
That script works great!!! Thanks much.
----- Original Message -----
From: "Waitman C. Gobble, II" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 15, 2003 12:28 AM
Subject: RE: SSL cert & key generation on an appliance
Hello,
I am positive that there is a perl module, there just has to be. I haven't used it though.
If you aren't exactly stuck on perl, you might have a look at the openssl functions in php:
http://us3.php.net/manual/en/ref.openssl.php
Take care,
Waitman Gobble
EMK Design
Telephone (714) 522-2528
Toll Free (877) 290-2768
http://emkdesign.com
.......................................
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Patrick
Sent: Tuesday, October 14, 2003 9:08 PM
To: [EMAIL PROTECTED]
Subject: SSL cert & key generation on an appliance
Hello,
We're looking to deploy Linux-based security appliances that only provide the end-user with a web front-end.
We want the end-user to have the ability to generate new (self-signed) certificates and SSL keys to be used on the appliance under Apache mod_ssl once installed.
I'm betting somebody else has already solved this... how do you generate certs and keys without access to the interactive command line?
Essentially, I'm looking for a shell script, some Perl, or another method to perform cert and key generation in an automated fashion, driven by input submitted by a user via the web.
From what I can gather with the cmd-line utilities provided by OpenSSL, interactive command-line access is required.
If there's an easier way than wrapping the OpenSSL cmd-line utilities with Net::Telnet and IO::Pty, please tell me!
Thanks,
-Rob Patrick
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
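An added example, not written by any poster in this thread: one way to do what the original question asks with the stock `openssl req` command, using `-batch` and `-subj` so that nothing is prompted for. The function names, output file names, key size, validity period and sample inputs are assumptions chosen for illustration; the web-submitted fields are whitelisted before they reach `-subj`, because that string is parsed on `/` and `=`.

```shell
#!/bin/sh
# Added example (not from the thread): non-interactive self-signed
# certificate generation driven by fields submitted through a web form.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Accept only a conservative character set. "/", "=", "+" and "," are
# refused because openssl's -subj parser treats them as RDN syntax, so
# a field such as "Evil/CN=other" would otherwise inject an attribute.
valid_field() {
    case "$1" in
        ''|*[!A-Za-z0-9\ ._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the subject string from three form fields.
# args: country (two upper-case letters), organisation, common name
build_subject() {
    case "$1" in
        [A-Z][A-Z]) ;;
        *) return 1 ;;
    esac
    valid_field "$2" && valid_field "$3" || return 1
    printf '/C=%s/O=%s/CN=%s' "$1" "$2" "$3"
}

# Generate key and self-signed certificate without any prompt.
# args: country, organisation, common name, output directory
# The 2048-bit key, 365-day lifetime and file names are assumptions.
make_cert() {
    subj=$(build_subject "$1" "$2" "$3") || return 1
    [ -d "$4" ] || return 1
    (
        umask 077   # the unencrypted private key must not be group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -batch \
            -subj "$subj" \
            -keyout "$4/server.key" -out "$4/server.crt"
    )
}
```

The CGI or PHP front end passes each form field as a separate argument to `make_cert`, never by building a command string, so the values are not re-parsed by a shell.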