Hi,
Harnois Anne-Sophie wrote:
> Hi everybody,
>
> I hear about several methods for server's certificate creation.
> - one of them (through CA.pl) creates a root CA and then the server's
> certificate
> - an another one creates a root CA, then a server CA and finally the
> server's certificate.
> Why are there three stages? Is it useful? What is the best or the
> recommended method?
> Thanks a lot for your advices.
Well, it depends on what you are going to do with
the certificates. If you just need a simple
certificate for a standalone webserver, you can
even use a selfsigned certificate for the server
without any CA.
If you need to have client certificates for
authentication on a webserver, you can have a
client CA (and configure your server to accept
all certificates of this CA). You can even have
a CA for employees and another one for customers.
Maybe both are allowed to get access to certain
areas of the server, while only certificates of
the employees CA are allowed to access all
documents.
So having SubCAs is more an issue of your
organisational structure...
Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
