Craig White wrote:
My goal was to be my own CA - generate per user certificates and have revocation rights. I haven't had many issues with creating certs for various applications such as ldap/apache etc. I was looking for some granular control for individual users.
I do this manually using OpenSSL commands directly; it's really not that difficult. The biggest issue is ensuring that all your SSL/TLS-enabled services are aware of your CRL (revocation list). As best I can tell, Cyrus IMAP does not currently support a CRL, so you wouldn't be able to stop users from accessing your IMAP/POP servers using a cert you supplied.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html