[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: s18 and SSL/TLS
Victor Gamov wrote:
> Matti Aarnio wrote:
> >
> > That referred document (not mine, but that URL inside it) does tell
> > you to (by recollection):
> > - create your own CA key
>
> CA.pl -newca
Right. Did it ask for password ?
> > - sign your own CA key (or was this in it?)
>
> How I can do it?
Possibly this wasn't at that list at all, I should
look at the original reference myself. If "-newca"
did ask for a password, this "CA signing" wasn't needed.
> > - create the application key
>
> CA.pl -newreq
Right.
> > - sign the application key with your CA key
>
> CA.pl -sign
That is wrong at the original, it must be:
CA.pl -signcert
Remember also to modify your openssl.cnf file so that
'nsCertType' is set to 'server'.
Then Netscape won't complain so much, and MicroSloth (IE5 ?)
won't just groak with mystic error code without clear
explanation... (We *really* scratched our heads at
my office for a few days with that..)
> But smtpserver does not launch properly -- it cann't find start
> line in
> smtpserver-key.pem file. When I look into this file I found that this
> file does not start with issuer/subject lines. Is it properly?
No, "-signcert" ...
> > Perhaps I should rewrite that document into single concise one, but
> > that has to wait a few days..
> --
> CU, Victor Gamov
/Matti Aarnio