httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: SSL and certficates script
Date Thu, 22 Nov 2001 01:24:53 GMT
Sure deal.. I'll incorporate the CA cert., Client cert. generation also..
BTW, I was thinking of removing the "--type" option - are there any
objections ?..

-Madhu


-----Original Message-----
From: Gomez Henri [mailto:hgomez@slib.fr]
Sent: Wednesday, November 21, 2001 3:30 PM
To: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
Cc: 'dev@httpd.apache.org'
Subject: RE: SSL and certficates script


En réponse à "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)"
<madhusudan_mathihalli@hp.com>:

> The script is pretty similar to what we had for Apache 1.3.x.. You can
> get
> the usage details by "./mkcert.sh --help".. Pl. do let me know if the
> Usage
> details provided are not sufficient - I'll try to put in more details
> there..

I just want to say that this script is a SUPERB tool and everything
is present to have the graal of SSL certs.

We need a tool to generate :

1) a custom CA cert
2) custom server certs signed with that CA
3) client (browser) certs signed all with that CA

What will give Apache 2.0 a decent simple "PKI" and which will
be very usefull for small companies...


> The creation of a self-signed CA and a certificate are both linked
> together
> - it can be created by "./mkcert.sh --custom" or "./mkcert.sh
> --type=custom"..
> 
> Did you want to just create the self-signed CA certificate only, and
> NOT
> the
> server certificate ?.. If yes, then it's not possible with the current
> script.. I'm trying to make it more modular, so that you can have a
> mix-n-match of the functions.. 
> Also, I've changed the layout of the files to a certain extent - the
> .csr
> files now go into the conf/ssl.crt/ directory itself -if this is not
> okay, I
> can change it back to go to conf/ssl.csr/

The scripts I sent previously included code to generate the client
cert (PKCS12 format). I feel you have now everything to give AP2.0
its own little Cert Agency :)))))

Hope you could do that for us :)


-
Henri Gomez                 ___[_]____
EMAIL : hgomez@slib.fr        (. .)                     
PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 

Mime
View raw message