Very clever, thanks for the tips.
-David
--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 09, 2005, david kine wrote:
>
> > I've switched over to a Linux system running
> OpenSSL
> > 0.9.7a Feb 19 2003, and copied the CA.pl from
> Solaris,
> > now everything works fine.
> >
> > Going back to my original question, I need to
> create a
> > root CA, then create a server CA (signed with the
> root
> > CA), then create a server certificate (signed with
> the
> > server CA).
> >
> > Just like the examples in "Programming with SSL",
> > pages 125 and 125.
> >
> > Then I will need to revoke the server CA and
> create a
> > crl.
> >
> > So my question is, given that CA.pl creates a root
> CA,
> > how do I create the server CA? Then create a
> server
> > certificate signed with the server CA?
> >
>
> Create a new certificate request for the server CA.
> Then sign it with:
>
> CA.pl -signca
>
> Then in a different directory run CA.pl -newca again
> and supply it with the
> server certificate filename.
>
> Then you will have two separate CA directories where
> you can issue
> certificates for each CA.
>
> If you want to revoke the server CA you would do
> that from the root CA
> directory using "openssl ca -revoke" and "openssl ca
> -gencrl"
>
> Steve.
> --
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
