[plug] ssl, certificates, authotities etc

Craig Ringer craig at postnewspapers.com.au
Fri Jul 23 13:13:04 WST 2004


On Fri, 2004-07-23 at 11:52, Steve Boak wrote:
> My brain is full :-)
> 
> Can anyone point me to human readable documentation on how to set up my own 
> ssl certificates and how to get them signed? I have googled and read lots, 
> but I am now more confused about the whole thing than when I started.

Are you looking to set up a private certificate authority that can sign
other certificates, or are you just looking to create a certificate
request and key you can send off to a CA to have signed?

If the latter, any CA's website should have the required info.

If you're looking to set up a private CA, then I share your pain
regarding documentation. It all turns out to be reasonably simple to do,
but the documentation I found was all written with the assumption that
you already understood OpenSSL and the major aspects of certificates.
Unfortunately, I don't remember the details of how I set up my CA cert
well enough to be comfortable trying to explain - I'd probably get it
wrong and confuse you even more.

A private CA is useful for all sorts of things. I use mine for creating
server certificates for your internal services on the LAN so I can use
SSL. I also create client certificates for my users so I can have more
strict control over remote access to mail and the intranet web server
(neither of which will even _talk_ to a remote user unless they have a
valid client cert).

--
Craig Ringer




More information about the plug mailing list