httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GOMEZ Henri <>
Subject RE: SSL and certficates script
Date Mon, 26 Nov 2001 07:16:07 GMT
Excellent works

I'll be happy to see it included in Apache 2.0 distribution.
With a few html/cgi stuff, it could be also used even by

Henri Gomez                 ___[_]____
EMAIL :        (. .)                     
PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 

>-----Original Message-----
>Sent: Friday, November 23, 2001 12:17 AM
>To: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1); 'Gomez Henri'
>Cc: ''
>Subject: RE: SSL and certficates script
>Okay.. here's a more refined version of the script - including 
>features for
>client / ca certificate generation.. I've tried to keep it simple and
>modular - pl. let me know if you have any feedback..
>-----Original Message-----
>From: Gomez Henri []
>Sent: Wednesday, November 21, 2001 3:30 PM
>Cc: ''
>Subject: RE: SSL and certficates script
>En réponse à "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)"
>> The script is pretty similar to what we had for Apache 
>1.3.x.. You can
>> get
>> the usage details by "./ --help".. Pl. do let me know if the
>> Usage
>> details provided are not sufficient - I'll try to put in more details
>> there..
>I just want to say that this script is a SUPERB tool and everything
>is present to have the graal of SSL certs.
>We need a tool to generate :
>1) a custom CA cert
>2) custom server certs signed with that CA
>3) client (browser) certs signed all with that CA
>What will give Apache 2.0 a decent simple "PKI" and which will
>be very usefull for small companies...
>> The creation of a self-signed CA and a certificate are both linked
>> together
>> - it can be created by "./ --custom" or "./
>> --type=custom"..
>> Did you want to just create the self-signed CA certificate only, and
>> NOT
>> the
>> server certificate ?.. If yes, then it's not possible with 
>the current
>> script.. I'm trying to make it more modular, so that you can have a
>> mix-n-match of the functions.. 
>> Also, I've changed the layout of the files to a certain extent - the
>> .csr
>> files now go into the conf/ssl.crt/ directory itself -if this is not
>> okay, I
>> can change it back to go to conf/ssl.csr/
>The scripts I sent previously included code to generate the client
>cert (PKCS12 format). I feel you have now everything to give AP2.0
>its own little Cert Agency :)))))
>Hope you could do that for us :)
>Henri Gomez                 ___[_]____
>EMAIL :        (. .)                     
>PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
>PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 

View raw message