Hello,
On Wed, 11 Apr 2007, Alexander Klink wrote:
> > We would like to test a very simple root CA with 3 certs for protecting
> > a wireless network.
> What do you mean by "with 3 certs"?
Probably three sub-cas.
I'm wondering if there are any "best practices" for setting up a new CA
from scratch.
I remember your presentation on the 23C3 where you showed some cases so I
guess the following would be okay for servers and for differentiating
between access classes. Christian is probably thinking about something
like this:
Root Certificate
| | |
+--------------------+ | +--------------------+
| | |
Server CA Auth CA (User) Auth CA (Admins)
Or would you suggest a different setup?
> > What should be our next steps?
> I guess you are at pretty much the same point Robert was a few weeks
> ago, see the following posting:
> http://sourceforge.net/mailarchive/forum.php?thread_name=65187.194.250.170.166.1173976507.squirrel%40www.siaige.org&forum_name=openxpki-users
> In short, it boils down to: Generate a root certificate, import it into
> the database, make an alias for it and get going ...
If I'm reading you right you're suggesting that the certificate should be
generated by calling openssl directly and not through openxpki?
Any reason for this? I saw a bug that the keygeneration was broken, but
that has been fixed around svn revision 400.
regards,
andreas
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
