Yes, but my point is that if you're going to regenerate the CA
certificate/key for some reason, you have to regenerate a new
key/certificate for the servers. It's easy to forget this part.

On Mon, 1 May 2000, Michael J. Maravillo wrote:

> And that's what steps 1 and 2 do -- create a CA private key and
> its self-signed certificate...
> 
> On Mon, May 01, 2000 at 07:58:45AM +0800, Benjamin de los Angeles Jr. wrote:
> > 
> > caveat: the CA certificate should be created before server certificates
> > 
> > On Mon, 1 May 2000, Michael J. Maravillo wrote:
> > 
> > > Hello Doc,
> > > 
> > > Pardon me if this doesn't really answer the question... Though,
> > > here's what I do when I create my own private CA and private
> > > certificate for my web server.  The good thing about these
> > > procedures is that you can repeat steps 3 to 7 to generate
> > > certificates for your other web servers and have them signed *by
> > > the same* CA.
> > > 
> > > Also, if you may want to function as some "real" private CA (sign
> > > server and personal certificates) and do some certificate
> > > management tasks, check out pyCA or OpenCA.
> > > 
> > >   HTH,
> > >   Mike
> > > 
> > > # 0. install a mod_ssl patched apache using "make" and "make
> > > # install" without running any of "make certificate ..." commands
> > > 
> > > # 1. generate ca private key (ca.key)
> > > /usr/local/ssl/bin/openssl genrsa -des3 -out ca.key 1024
> > > # 2. generate ca certificate (ca.crt) signed with ca's own private
> > > #    key (ca.key)
> > > /usr/local/ssl/bin/openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> [snipped]
> 


-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
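
The point raised at the top of this thread (server certificates must be reissued once the CA key/certificate is regenerated) can be checked mechanically with `openssl verify`. The script below is an added example, not part of the original messages; the function names, file names and subjects are constructed, and it uses unencrypted 2048-bit keys (`-nodes`) only so that it runs unattended.

```shell
#!/bin/sh
# Added example: find server certificates orphaned by a CA regeneration.
# File names (ca.key, ca.crt, www.*) and subjects are constructed for the demo.

# make_ca DIR: create (or replace) a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_server DIR NAME: new server key + CSR, signed by the CA in DIR.
issue_server() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# stale_certs CA_CRT CERT...: print every certificate that no longer
# verifies against CA_CRT; exit status is 0 only if all of them verify.
stale_certs() {
    ca=$1; shift; rc=0
    for crt in "$@"; do
        # Match the "OK" line instead of trusting the exit status, which
        # old OpenSSL releases left at 0 even when verification failed.
        if ! openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$'; then
            echo "$crt"
            rc=1
        fi
    done
    return $rc
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_server "$d" www || return 1
    echo "before CA regeneration: [$(stale_certs "$d/ca.crt" "$d/www.crt")]"
    make_ca "$d"             # CA regenerated, www.crt left as it was
    echo "after CA regeneration:  [$(stale_certs "$d/ca.crt" "$d/www.crt")]"
    issue_server "$d" www    # reissue the server certificate under the new CA
    echo "after reissue:          [$(stale_certs "$d/ca.crt" "$d/www.crt")]"
    rm -rf "$d"
}
demo
```

The regenerated CA keeps the same subject name, so the old server certificate still names the right issuer; only the signature check exposes the mismatch.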