On 2005-02-22, Craig White <[EMAIL PROTECTED]> wrote:

> now going a bit off topic - I installed tinyca and it seems to be the
> type of thing that I could really use - of course, I need to know how to
> use it.
>
> The web site doesn't show a mailing list and I would love to see traffic
> on how people use it - is there somewhere that the usage is discussed -
> besides the openssl list?

Not that I've found.  The lack of introductory material intimidated me at
first too, but at some point I had one of those rare confluences of focus and
lucidity... (Or, maybe I did find an introductory doc and have just forgotten.)

Basically, think of the process you have to go through to get a cert from an
established CA--generate a key and CSR.  You give the CSR to the root CA
and the root CA gives you a cert back.  So, you've got half of it.

Now to play the root CA part, you've got to generate your root CA key
and certificate, which I think TinyCA does when you first start it.  Then,
there's a place to import a CSR and generate a certificate from that.  You put
that certificate in the appropriate place on the web server (or wherever)
and you've got it.

Finally, you need to make the root certificate available to clients--they'll
have to import it initially, so it may not be better than self-signed certs,
depending on your usage patterns.  All I've done is export the root
certificate and put it on a publicly-accessible web server, naming it
with a .crt extension, which should be configured with the right MIME
type in Apache; if not, this should do it:

AddType application/x-x509-ca-cert .crt

Browsers will recognize this MIME type and prompt you to import and
trust the cert.  Then, any certificates signed with this certificate
will be recognized.

Well, this has all been off the top of my head, which is ill, so try to
fill in anything that seems nonsensical.

Wil
-- 
Wil Cooley                                 [EMAIL PROTECTED]
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
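
The steps described in the message above (root CA key and certificate, server key and CSR, signing, client trust), written out with the openssl command line that TinyCA drives. This is an added example, not part of the original post; the host name mail.example.test, the file names, the lifetimes and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: private-CA workflow with the openssl CLI.
# Host name, file names and lifetimes are constructed for illustration.
set -eu

write_conf() {   # $1 = work dir, $2 = server host name
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

make_root_ca() { # root key + self-signed root cert (-nodes: demo only)
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -extensions v3_ca -subj "/CN=Example Private Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_csr() {     # server side: key + CSR, the part handed to the CA
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

sign_csr() {     # CA side: turn the CSR into a non-CA server certificate
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/ca.cnf" \
    -extensions v3_server -out "$1/server.crt" 2>/dev/null
}

# Exit status 0 only if certificate $2 chains to the root stored in $1.
verify_cert() { openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1; }
# SHA-256 fingerprint of the root, for clients to compare before importing.
ca_fingerprint() { openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256; }

dir=$(mktemp -d)
write_conf "$dir" mail.example.test
make_root_ca "$dir"; make_csr "$dir" mail.example.test; sign_csr "$dir"
verify_cert "$dir" "$dir/server.crt" && echo "server.crt chains to the root"
ca_fingerprint "$dir"
```

Only ca.crt is published to clients; ca.key stays on the CA machine, and outside a demo it would be passphrase-protected rather than created with -nodes.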
