[TriLUG] any OpenSSL/cert experts out there?
Ric Moore via TriLUG
trilug at trilug.org
Mon May 25 01:36:22 EDT 2015
On 05/23/2015 05:55 PM, Alan Porter wrote:
>
>> It would be nice if this process would be simplified. Ric
>
> One problem I have run into is that most scripts that you find
> online secretly rely on some special settings in the author's
> openssl.conf file. It's maddening to work through an example
> and it just does not work like the author's example.
>
> So I created a script that does not rely on any presets. It
> creates a temporary openssl.conf file and uses those settings
> while running, and then deletes the file.
>
> https://github.com/sudoer/sslcerts
>
> The three things that this script does are (1) create a CA
> certificate (2) create a domain certificate and (3) sign the
> domain certificate with the CA certificate. I use these for
> my own CA.
>
> It also handles multi-domain certificates, using subAltName.
> That is, one cert can be used for several domains and sub-
> domains.
>
> I would like to add a better validation chain... I hear that
> "real" CAs use a CA cert, then a signing cert, and then your
> certs. Mine only has the two levels.
>
> By the way, this is the script that I used to create our
> domain certs at TriLUG.org. But we have them signed by
> StartCom (startssl.com) instead of being signed by our own
> CA.
>
>
> Alan
Thank you! This will give me something to play with tomorrow. Ric
--
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
http://linuxcounter.net/user/44256.html
More information about the TriLUG
mailing list