Very clever, thanks for the tips. -David
--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: > On Wed, Nov 09, 2005, david kine wrote: > > > I've switched over to a Linux system running > OpenSSL > > 0.9.7a Feb 19 2003, and copied the CA.pl from > Solaris, > > now everything works fine. > > > > Going back to my original question, I need to > create a > > root CA, then create a server CA (signed with the > root > > CA), then create a server certificate (signed with > the > > server CA). > > > > Just like the examples in "Programming with SSL", > > pages 125 and 125. > > > > Then I will need to revoke the server CA and > create a > > crl. > > > > So my question is, given that CA.pl creates a root > CA, > > how do I create the server CA? Then create a > server > > certificate signed with the server CA? > > > > Create a new certificate request for the server CA. > Then sign it with: > > CA.pl -signca > > Then in a different directory run CA.pl -newca again > and supply it with the > server certificate filename. > > Then you will have two separate CA directories where > you can issue > certificates for each CA. > > If you want to revoke the server CA you would do > that from the root CA > directory using "openssl ca -revoke" and "openssl ca > -gencrl" > > Steve. > -- __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]