[clue-admin] Cert for TLS.

Jed S. Baer thag at frii.com
Sun Jul 9 22:14:05 MDT 2006


On Sat, 08 Jul 2006 22:45:09 -0600
David L. Anselmi wrote:

> If you want me to pull the relevant parts out of the OpenVPN scripts, 
> let me know.

Well, the process looks easy enough, although I think what I'm finding is
your option 2 -- "making a CA key pair (self-signing the CA cert) 
and signing the server's cert with the CA key." What I've found is:
http://slacksite.com/apache/certificate.html

Also, Rob Flickenger
<http://www.onlamp.com/pub/a/onlamp/2003/02/06/linuxhacks.html> kinda
describes it, but apparently his ca.pl script isn't available at
O'Reilly's website. Well, it doesn't really look like I need it anyways.

The part of it I'd like some input on is dealing with the passphrase
protection of the private key. I'll play with this a bit here at home, but
the last thing I want to have is for a reboot to get stuck because Apache
is waiting for someone to input the passphrase. My guess is that most
people don't use a passphrase-protected key, and just protect the private
key as best they can. Otherwise rebooting a shared-hosting server would
be a nightmare.

Can you elaborate on the difference between generating a (regular) RSA
keypair and a "CA" keypair?

jed
-- 
http://s88369986.onlinehome.us/freedomsight/
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
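The two questions in the message above (how a "CA" keypair differs from a regular one, and how to keep Apache from waiting on a passphrase at boot) can be answered in a few openssl commands. The script below is an added example written for this page, not code from the thread, from Jed, or from the slacksite/onlamp links. It assumes the openssl command-line tool (1.1.1 or later) is installed; the directory, the names "Example Home CA" and "www.example.test", and the CA passphrase "capass" are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original mailing-list thread).
# Assumes: openssl CLI 1.1.1+; all names and the CA passphrase below are invented.
set -eu

CA_PASS="capass"   # assumed passphrase for the CA key; in real use, prompt or use a secrets store

# Minimal openssl.cnf written into the working directory so nothing here
# depends on the system-wide config. $2 is the server hostname for the SAN.
write_cnf() {
  cat > "$1" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ca_ext
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[server_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

# Build a self-signed CA, an unencrypted server key, and a CA-signed server cert.
make_ca_and_server_cert() {
  dir="$1"; ca_cn="$2"; server_cn="$3"
  mkdir -p "$dir"
  write_cnf "$dir/openssl.cnf" "$server_cn"

  # 1. CA keypair. The key itself is an ordinary RSA key; what makes it a "CA key"
  #    is the certificate issued for it: self-signed, basicConstraints CA:TRUE,
  #    keyUsage keyCertSign. It is only needed when signing, so it can stay
  #    passphrase-protected without blocking any service start-up.
  openssl genrsa -aes256 -passout "pass:$CA_PASS" -out "$dir/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -config "$dir/openssl.cnf" -extensions ca_ext \
      -key "$dir/ca.key" -passin "pass:$CA_PASS" \
      -subj "/CN=$ca_cn" -sha256 -days 3650 -out "$dir/ca.crt" 2>/dev/null

  # 2. Server keypair: generated the same way, but with no passphrase, so Apache
  #    can load it at boot unattended. Protect it with file permissions instead.
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  chmod 600 "$dir/server.key"

  # 3. CSR for the server, then sign it with the CA key; the server extensions
  #    (CA:FALSE, serverAuth, SAN) come from the same config file.
  openssl req -new -config "$dir/openssl.cnf" -key "$dir/server.key" \
      -subj "/CN=$server_cn" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
      -passin "pass:$CA_PASS" -CAcreateserial -days 825 -sha256 \
      -extfile "$dir/openssl.cnf" -extensions server_ext -out "$dir/server.crt" 2>/dev/null
}

# 0 if server.crt chains to ca.crt, non-zero otherwise.
verify_chain() {
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# 0 if the certificate carries basicConstraints CA:TRUE (i.e. it is a CA cert).
is_ca_cert() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# 0 if the key loads without a passphrase. A bogus passphrase is supplied so that
# an encrypted key fails instead of prompting; an unencrypted key ignores it.
key_is_unencrypted() {
  openssl rsa -in "$1" -noout -passin pass:not-the-passphrase >/dev/null 2>&1
}

# Usage (creates files under ./demo-ca):
#   make_ca_and_server_cert ./demo-ca "Example Home CA" "www.example.test" \
#     && verify_chain ./demo-ca && echo "chain OK"
```

Note that the only difference between the two genrsa calls is the -aes256 passphrase option; the "CA-ness" lives entirely in the certificate extensions and in which key signs which certificate. If leaving the server key unencrypted is unacceptable, Apache's mod_ssl also offers the SSLPassPhraseDialog directive (including an exec: form that runs a program to supply the passphrase), which avoids a boot hanging on a console prompt.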
