And that's what steps 1 and 2 does -- create a CA private key and
its self-signed certificate...
On Mon, May 01, 2000 at 07:58:45AM +0800, Benjamin de los Angeles Jr. wrote:
>
> caveat: the CA certificate should be created before server certificates
>
> On Mon, 1 May 2000, Michael J. Maravillo wrote:
>
> > Hello Doc,
> >
> > Pardon me if this doesn't really answer the question... Though,
> > here's what I do when I create my own private CA and private
> > certificate for my web server. The good thing about these
> > procedures is that you can repeat steps 3 to 7 to generate
> > certificates for your other web servers and have them signed *by
> > the same* CA.
> >
> > Also, if you may want to function as some "real" private CA (sign
> > server and personal certificates) and do some certificate
> > management tasks, check out pyCA or OpenCA.
> >
> > HTH,
> > Mike
> >
> > # 0. install a mod_ssl patched apache using "make" and "make
> > # install" without running any of "make certificate ..." commands
> >
> > # 1. generate ca private key (ca.key)
> > /usr/local/ssl/bin/openssl genrsa -des3 -out ca.key 1024
> > # 2. generate ca certificate (ca.crt) signed with ca's own private
> > # key (ca.key)
> > /usr/local/ssl/bin/openssl req -new -x509 -days 365 -key ca.key -out ca.crt
[snipped]
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
