[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: s18 and SSL/TLS

Victor Gamov wrote:
> Matti Aarnio wrote:
> > 
> >   That referred document (not mine, but that URL inside it) does tell
> > you to (by recollection):
> >         - create your own CA key
>         CA.pl -newca

	Right.  Did it ask for password ?

> >         - sign your own CA key (or was this in it?)
>         How I can do it?

	Possibly this wasn't at that list at all, I should
	look at the original reference myself.  If "-newca"
	did ask for a password, this "CA signing" wasn't needed.

> >         - create the application key
>         CA.pl -newreq


> >         - sign the application key with your CA key
>         CA.pl -sign

	That is wrong at the original, it must be:

	  CA.pl -signcert

	Remember also to modify your  openssl.cnf  file so that
	'nsCertType' is set to 'server'.

	Then Netscape won't complain so much, and MicroSloth (IE5 ?)
	won't just groak with mystic error code without clear
	explanation...  (We *really* scratched our heads at
	my office for a few days with that..)

>         But smtpserver does not launch properly -- it cann't find start
> line in
> smtpserver-key.pem file.  When I look into this file I found that this
> file does not start with issuer/subject lines.  Is it properly?

	No, "-signcert" ...

> > Perhaps I should rewrite that document into single concise one, but
> > that has to wait a few days..
> --
> 	CU, Victor Gamov

/Matti Aarnio