web 101
Federico Voges
ftc
Wed Jun 14 08:57:54 PDT 2006
David Bandel wrote:
> On 6/14/06, Roger Oberholtzer <roger at opq.se> wrote:
>
>> On Wed, 2006-06-14 at 15:14 +1000, James McDonald wrote:
>>
>>
> [snip]
>
>
>> Finally, how did you generate the ssl certs?
>>
>
> Perhaps I need to write an SXS on creating SSL certs. They can be a
> pita. However, a good way to learn this is to grab openvpn. They
> have some example scripts in an easyrsa directory that will clue you
> in on the basics (and you can modify for your own purposes). Just
> start by modifying /etc/ssl/openssl.cnf and use the commands in the
> various scripts. Very briefly, you have to:
> 1. create a CA (certificate authority -- your own)
> 2. create self-signed certificates
> 3. copy the appropriate certificates (ca.crt, yourserts.crt,
> yourserts.key) where needed.
> Big note: the *.key files are sensitive and should only be
> transmitted via secure channels.
>
>
I've found this How to page to be useful:
http://www.tldp.org/HOWTO/SSL-RedHat-HOWTO-3.html
But there are 2 errors (the "rsa" is missing in the howto):
Adding a passphrase to a key:
openssl rsa -in filename.key -des3 -out newfilename.key
Removing the passphrase from a key:
openssl rsa -in filename.key -out newfilename.key
I've tried reporting them to the author but mail mail got bounced (looks
like the account is no longer active).
Cheers.
--
Federico Voges.
Running: Mac OS X 10.4.6 (build 8I127)
Kernel: 8.6.0 Power Macintosh
Procesor: PowerPC G4 @ 1.67GHz
Uptime: 16:54 up 12 days, 17:05, 3 users, load averages: 0.43 1.48 1.86
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.linux-sxs.org/pipermail/linux-users/attachments/20060614/9e54524e/attachment.htm
More information about the Linux-users
mailing list