[clue] Fwd: materials on SSL?

Wed Jul 10 10:26:07 MDT 2013

OK, here's what I'm really struggling with.  I'm trying to get SSL going on
a redhat-3 box.   I've done enough research to know it's not working
because SSL can't find the trusted cert.  I figured out that openssl won't
trust a self-signed certificate unless you install it a specific directory
and link the hash.

All of which, can, at least on paper, be verified by running 'openssl
verify cert.file'

My question is this.   Does your certificate authority (CA) cert, in and of
itself have to be trusted as well? What about the key?

# openssl verify /etc/pki/tls/myca.crt
/etc/pki/tls/myca.crt: CN = XXXXXXXXXXXX, emailAddress =
XXXXXXXXXXXXXXXXXXXXXXXXXX
error 18 at 0 depth lookup:self signed certificate

---------- Forwarded message ----------
From: Mike Bean <beandaemon at gmail.com>
Date: Wed, Jul 10, 2013 at 8:42 AM
Subject: Re: materials on SSL?
To: CLUE's mailing list <clue at cluedenver.org>

Here's another good one: http://gagravarr.org/writing/openssl-certs/
I know I'm kind of answering my own question as I go here, but I thought
I'd share with the group anyway, just in case.

On Wed, Jul 10, 2013 at 7:33 AM, Mike Bean <beandaemon at gmail.com> wrote:

> This one's great!
> http://www.madboa.com/geek/openssl/
>
>
>
> ---------- Forwarded message ----------
> From: Mike Bean <beandaemon at gmail.com>
> Date: Wed, Jul 10, 2013 at 7:20 AM
> Subject: materials on SSL?
> To: CLUE's mailing list <clue at cluedenver.org>
>
>
> Crazy question, I would think it would be all over the place, but I'm
> trying to research openssl and certs, and all the reference material
> necessary to get started, but I'm finding a surprising lack.  Anyone got
> any good SSL/certificates references/material they can recommend?
>
> Mike Bean
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20130710/1dfdc862/attachment.html 