[clue] Fwd: materials on SSL?
Rossi Guiliani
rossi at guiliani.me
Wed Jul 10 11:29:51 MDT 2013
The point of the CA is that you install that Certificate. Then it becomes
a chain of authority.

Root CA <--- this dude is the boss.
   |
Intermediate CA - middle manager
   |
client cert <-- worker

The Root CA will ALWAYS be self-signed. Otherwise it is just an
intermediate CA. You designate trust to a CA by installing the root CA
into your /etc/ssl/certs and rehashing. Then you can verify by adding a
flag for CAPath in openssl to /etc/ssl/certs.

On Wed, Jul 10, 2013 at 10:26 AM, Mike Bean <beandaemon at gmail.com> wrote:
> OK, here's what I'm really struggling with. I'm trying to get SSL going
> on a redhat-3 box. I've done enough research to know it's not working
> because SSL can't find the trusted cert. I figured out that openssl won't
> trust a self-signed certificate unless you install it in a specific directory
> and link the hash.
>
> All of which can, at least on paper, be verified by running 'openssl
> verify cert.file'
>
> My question is this. Does your certificate authority (CA) cert, in and
> of itself have to be trusted as well? What about the key?
>
> # openssl verify /etc/pki/tls/myca.crt
> /etc/pki/tls/myca.crt: CN = XXXXXXXXXXXX, emailAddress =
> XXXXXXXXXXXXXXXXXXXXXXXXXX
> error 18 at 0 depth lookup:self signed certificate
>
> ---------- Forwarded message ----------
> From: Mike Bean <beandaemon at gmail.com>
> Date: Wed, Jul 10, 2013 at 8:42 AM
> Subject: Re: materials on SSL?
> To: CLUE's mailing list <clue at cluedenver.org>
>
>
> Here's another good one: http://gagravarr.org/writing/openssl-certs/
> I know I'm kind of answering my own question as I go here, but I thought
> I'd share with the group anyway, just in case.
>
>
> On Wed, Jul 10, 2013 at 7:33 AM, Mike Bean <beandaemon at gmail.com> wrote:
>
>> This one's great!
>> http://www.madboa.com/geek/openssl/
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Mike Bean <beandaemon at gmail.com>
>> Date: Wed, Jul 10, 2013 at 7:20 AM
>> Subject: materials on SSL?
>> To: CLUE's mailing list <clue at cluedenver.org>
>>
>>
>> Crazy question, I would think it would be all over the place, but I'm
>> trying to research openssl and certs, and all the reference material
>> necessary to get started, but I'm finding a surprising lack. Anyone got
>> any good SSL/certificates references/material they can recommend?
>>
>> Mike Bean
>>
>>
>
>
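
Added example (not part of the original thread): the root / intermediate / client chain sketched in the reply above, built in a scratch directory and checked with openssl verify before and after the root is hash-linked into a CApath directory. The subject names, file names and the trusted/ directory are constructed for the demo, and OpenSSL 1.1.0 or later with its default openssl.cnf is assumed (for -no-CAfile and the default CA extensions on the root).

```shell
#!/bin/sh
# Added demo; every name and path below is constructed, nothing touches /etc/ssl.

build_chain() {  # $1 = scratch dir; creates root -> intermediate -> leaf
  d=$1; mkdir -p "$d/trusted"
  # Root CA: self-signed, so issuer and subject are the same name.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  # Intermediate CA: signed by the root; needs CA:TRUE to sign other certs.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null || return 1
  # Leaf ("worker") certificate: signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=worker.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -out "$d/leaf.crt" 2>/dev/null
}

trust_root() {  # $1 = scratch dir; the effect of "install the root and rehash"
  h=$(openssl x509 -noout -hash -in "$1/root.crt") || return 1
  cp "$1/root.crt" "$1/trusted/demo-root.pem"
  ln -sf demo-root.pem "$1/trusted/$h.0"  # -CApath looks up <subject-hash>.0
}

# verify DIR CERT [extra openssl args]: exit status 0 means the chain verified.
# -no-CAfile keeps the system bundle out, so only DIR/trusted is consulted.
verify() {
  d=$1; c=$2; shift 2
  openssl verify -no-CAfile -CApath "$d/trusted" "$@" "$d/$c" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) && build_chain "$d" || return 1
  verify "$d" root.crt && echo "root before trust: OK" || echo "root before trust: rejected"
  trust_root "$d"
  verify "$d" root.crt && echo "root after trust: OK"
  verify "$d" leaf.crt || echo "leaf without intermediate: rejected"
  verify "$d" leaf.crt -untrusted "$d/int.crt" && echo "leaf with intermediate: OK"
  rm -rf "$d"
}
demo
```

Only the root certificate goes into the trusted directory; its key is never needed for verification, and the intermediate is supplied alongside the leaf with -untrusted.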