web 101

[David Bandel]

On 6/14/06, Roger Oberholtzer <roger at opq.se> wrote:
> On Wed, 2006-06-14 at 15:14 +1000, James McDonald wrote:
>
[snip]

>
> Finally, how did you generate the ssl certs?

Perhaps I need to write an SXS on creating SSL certs.  They can be a
pita.  However, a good way to learn this is to grab openvpn.  They
have some example scripts in an easyrsa directory that will clue you
in on the basics (and you can modify for your own purposes).  Just
start by modifying /etc/ssl/openssl.cnf and use the commands in the
various scripts.  Very briefly, you have to:
1.  create a CA (certificate authority -- your own)
2.  create self-signed certificates
3.  copy the appropriate certificates (ca.crt, yourserts.crt,
yourserts.key) where needed.
Big note:  the *.key files are sensitive and should only be
transmitted via secure channels.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto