How to make cerificate for client installation?

Goetz Babin-Ebell goetz at shomitefo.de
Mon Oct 10 16:21:21 EDT 2005


lkolchin at univ.haifa.ac.il wrote:
> Hi,
Hello Leon,

> I've found this on http://www.nyetwork.org/wiki/ssl_root_ca_new
> 
> "Create a PKCS#7 format of the Root CA's public certificate:
> 
> This will allow clients to easily import it into their
> their PKI storage places, such as Outlook Express and Netscape.

This doc assumes an local root CA certificate that issued
you server certificate.

But you have a self signed server certificate.

> cd /usr/local/ssl.ca
> openssl crl2pkcs7 -nocrl -certfile ca.crt -outform DER -out ca.pkcs7
> 
> ca.pkcs7 will only contain the public portion of the CA's certificate,
> so you can email it to whomever with instructions on how to import it,
> put it up for download, or whatever."

> Any help?

Setup and administration is usually easier with an small root CA
cert that issues your server certs.

(Especially if you have more than one server.)

It is possible your client refuses to import host certificates as
CA certificates...

(By the way: I assume you really wanted to use the certificate to
  authenticate the server.
  Setup of client certificates (used to authenticate the client
  against the server _requires_ a CA...) is also possible.)

Bye

Goetz

-- 
DMCA: The greed of the few outweighs the freedom of the many
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3185 bytes
Desc: S/MIME Cryptographic Signature
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20051010/c7b5f2d0/smime.bin


More information about the Info-cyrus mailing list