Michael Stroeder at Propack-Data GmbH asked:
>
> Well, after playing around I want to work with it. I have several
> questions concering options in the ssleay.cnf. I'm wondering how to set up
> different kinds (levels) of certificates. Do I use the policy-Options in
> ssleay.cnf or do I have to set up several CA's with different ssleay.cnf's
> for this?
>
Andrew W. Gray replied:
>
> when you run ca to do the signing try using the -config
> option pointing to various ssleay.cnf files for whatever options
> you need for the current ca sign ioperation
>
> i.e. ca -in client_req.pem -out client_cert.pem -config ssleay_client_cert_config.cnf
>
> or ca -in server_req.pem -out server_cert.pem -config ssleay_server_cert_config.cnf
>
> Might want to read ca.1 in the docs directory too if you havewn't already.
>
I wouldn't do this. The ca cmd has a lot of wonderful, flexible options.
Try ssleay ca -h ;-)
The interesting ones are:
-name arg - The particular CA definition to use
-policy arg - The CA 'policy' to support
BTW understanding German you could check out
http://www.heise.de/ix/artikel/1997/04/176/default.html
There are the cmd-line options and their relation to the config
fiel options explained.
And yes, while we are at it. Any voluntary to translate it into
English (for the FAQ)? I still had no time...
--
read you later - Holger Reif
------------------------------------ Signaturprojekt Deutsche Einheit
TU Ilmenau - Informatik - Telematik (Verdamp lang her)
[EMAIL PROTECTED] Alt wie ein Baum werden, um ueber
Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
