I've found the alternative to self-signing (namely signing with your own CA) to be a potentially great path for the web application that we develop; however, I can't quite figure out how exactly to tweak the configuration file to get what I want. It is hard (impossible?) to find any detailed information about each of the directives in that file.

Basically, I've successfully(?) created my own CA (the certificate is able to be installed automatically as trusted root, and everything), but when I go to sign or use a server certificate (for the end-user) using that, I get problems.

In order to attempt all this voodoo, I've basically created two separate directories (one for my CA and another for my end-user certificates)... each containing their own directory structure (private, certs, etc.) and their own openssl config files. Is this the right approach, first of all? I assume since the CA has its own unique configuration directives (e.g. CA=True), the end-user cert should be different... right?

So, first, I want to make sure I am creating the CA keys properly....
Can someone provide a list of configuration directives (or link to them) that are necessary for a CA in my type of situation?

I at least know CA=True and keyUsage needs to include certSign (many thanks to Patrick!)... but what, if anything, else?

Then, same for the end-user certificates... anything special there?

Thanks!
Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
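
As an added illustration (not part of the original post and not the OpenSSL project's own configuration), the fragment below shows the two extension profiles the question is about: one for the self-signed root CA and one the CA applies when signing a server certificate. In `openssl.cnf` syntax the settings mentioned in the post are written `basicConstraints = CA:TRUE` and `keyCertSign`; the section names, subject name and host name here are placeholders chosen for the example.

```ini
# Constructed example: extension profiles for a private root CA and for
# the server certificates it signs. Section names are arbitrary labels.

[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca        # used by `openssl req -x509` for the root
prompt             = no

[ req_dn ]
CN = Example Internal Root CA     # placeholder subject

# Root CA profile: may sign certificates and CRLs, nothing else.
[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always

# End-entity (TLS server) profile: explicitly NOT a CA.
# Select it at signing time, e.g. `openssl ca -extensions server_cert`
# or `openssl x509 -req ... -extfile <this file> -extensions server_cert`.
[ server_cert ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer
subjectAltName         = @alt_names

[ alt_names ]
DNS.1 = app.example.internal      # placeholder host name
```

The extensions in an issued certificate come from the section named to the signing command, so both profiles can live in the configuration used on the CA side. Keeping `CA:FALSE` on the server profile prevents a server key from being accepted as an issuer of further certificates.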
