Basic FAQs and HOWTOs

Wil Cooley wcooley at nakedape.cc
Tue Feb 22 18:42:25 EST 2005 

On 2005-02-22, Craig White <craigwhite at azapple.com> wrote:

> now going a bit off topic - I installed tinyca and it seems to be the
> type of thing that I could really use - of course, I need to know how to
> use it.
>
> The web site doesn't show a mailing list and I would love to see traffic
> on how people use it - is there somewhere that the usage is discussed -
> besides the openssl list?

Not that I've found.  The lack of introductory material intimidated me at
first too, but at some point I had one of those rare confluences of focus and
lucidity... (Or, maybe I did find an introductory doc and have just forgotten.)

Basically, think of the process you have to go to get a cert from an
established CA--generate a key and CSR.  You give the CSR to the root CA
and the root CA gives you a cert back.  So, you've got half of it.

Now to play the root CA part, you've got to generate your root CA key
and certificate, which I think TinyCA does when you first start it.  Then,
there's a place to import a CSR and generate a certificate from that.  You put
that certificate in the appropriate place on the web server (or whereever)
and you've got it.

Finally, you need to make the root certificate available to clients--they'll
have to import it initially, so it may not be better than self-signed certs,
depending on your usage patterns.  All I've done it export the root
certificate and put it on a publicly-accessible web server, naming it
with a .crt extension, which should be configured with the right MIME
type in Apache; if not, this should do it:

AddType application/x-x509-ca-cert .crt

Browsers will recognize this MIME type and prompt you to import and
trust the cert.  Then, any certificates signed with this certificate
will be recognized.

Well, this has all been off the top of my head, which is ill, so try to
fill in anything that seems nonsensical.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list