Basic FAQs and HOWTOs
Ken Murchison
ken at oceana.com
Thu Feb 24 09:28:22 EST 2005
Kevin P. Fleming wrote:
> Craig White wrote:
>
>> My goal was to be my own CA - generate per user certificates and have
>> revocation rights. I haven't had many issues with creating certs for
>> various applications such as ldap/apache etc. I was looking for some
>> granular control for individual users.
>
>
> I do this manually using OpenSSL commands directly; it's really not that
> difficult. The biggest issue is ensuring that all your SSL/TLS-enabled
> services are aware of your CRL (revocation list). As best I can tell,
> Cyrus IMAP does not currently support a CRL, so you wouldn't be able to
> stop users from accessing your IMAP/POP servers using a cert you supplied.
This sounds interesting and potentially useful. Patches are always
welcome. ;)
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list