[cvsnt] sserver with self-signed certificates

Tony Hoyle tony.hoyle at march-hare.com
Tue Mar 14 22:20:17 GMT 2006


Charles Oram wrote:
> OK, but is the server certificate that was generated with genkey 
> self-signed? Can I just make my own client certificates that are signed 
> with the server private key? And if so, how do you do it - can I just 
> use the openssl tools?
> Thanks for your help.
> 
genkey just creates a minimal certificate for first installation.. it's 
adequate for many people but isn't useful for client certificate use.

The openssl tools will do it - they come with scripts to make it simple 
(this is easier on Unix but I see no reason why they wouldn't work on 
Windows too.. you just need the ca.pl script).

There are probably tutorials online that explain it better, but it goes 
something like:

ca.pl -newca (create the CA)
Find the CA certificate and call that ca.pem, put on server & clients.
ca.pl -newreq-nodes (request a new certificate for the server)
ca.pl -sign (sign it with your CA)
Put the certificate and private key on the server
Repeat the last two for each client

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x160.html
http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x195.html

Tony
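
The steps listed in the reply above, as an added example that is not part of the original post and is not cvsnt or OpenSSL project code: it calls the openssl command directly instead of the ca.pl wrapper, and checks that each issued certificate chains to the CA while a stand-alone self-signed certificate does not. The function names, the file names other than ca.pem, and the subject names (cvs.example.test, alice) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a private CA plus CA-signed server and client certificates.
# Subject names and file names below are constructed for illustration.

# issue DIR NAME CN: create a key and CSR, then sign the CSR with the CA in DIR
# (the equivalent of the -newreq-nodes and -sign steps).
issue() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
        -out "$1/$2.csr" -subj "/CN=$3" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/$2.pem" -days 365 2>/dev/null
}

# make_pki DIR: create the CA (the -newca step), then one server and one
# client certificate signed by it. Runs in a subshell so the restrictive
# umask applied to the key files does not leak into the caller.
make_pki() (
    umask 077 &&
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
        -out "$1/ca.pem" -days 3650 -subj "/CN=Example Private CA" 2>/dev/null &&
    issue "$1" server cvs.example.test &&
    issue "$1" client alice
)

# make_selfsigned DIR: a stand-alone self-signed certificate, for contrast.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/lone.key" \
        -out "$1/lone.pem" -days 365 -subj "/CN=cvs.example.test" 2>/dev/null
}

# chains_to_ca DIR NAME: succeeds only if NAME.pem verifies against ca.pem.
chains_to_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" 2>/dev/null | grep -q ': OK$'
}

# key_matches_cert DIR NAME: succeeds if NAME.key is the private key for NAME.pem.
key_matches_cert() {
    [ "$(openssl x509 -in "$1/$2.pem" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$1/$2.key" -pubout | openssl sha256)" ]
}
```

Run make_pki on an empty directory, then use chains_to_ca and key_matches_cert on the server and client names before copying anything out. Only ca.pem goes to the server and clients; ca.key is needed only for signing and stays off both.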


