Basic FAQs and HOWTOs
Kevin P. Fleming
kpfleming at starnetworks.us
Thu Feb 24 02:07:34 EST 2005
Craig White wrote:
> My goal was to be my own CA - generate per user certificates and have
> revocation rights. I haven't had many issues with creating certs for
> various applications such as ldap/apache etc. I was looking for some
> granular control for individual users.
I do this manually using OpenSSL commands directly; it's really not that
difficult. The biggest issue is ensuring that all your SSL/TLS-enabled
services are aware of your CRL (revocation list). As best I can tell,
Cyrus IMAP does not currently support a CRL, so you wouldn't be able to
stop users from accessing your IMAP/POP servers using a cert you supplied.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list