|Main Archive Page > Month Archives > engarde-users archives|
A few months ago I was struggling with creating certificates for apache and stunnel. I got good help from Alexander Leschinsky and Ryan, which resolved my issues. In return, I said I would write up what I learned, because documentation on this topic is sparse.
Well, here it is: http://www.binarytool.com/docs/ssl-cert-HOWTO.html
With this, anyone should be able to create and manage certificates as their own root CA for basic purposes.
This is still a work in progress. I have run it by the OpenSSL users list for feedback to make sure there is nothing egregiously wrong with it, and incorporated some feedback I got.
I would welcome any comments, particularly in the area of restricting what purposes the certificates are valid for. I haven't stumbled onto the list of valid options yet. (I will attack the Certificate Revocation List issues myself in the near future.)
The Binary Tool Foundry