Re: s18 and SSL/TLS

[Matti Aarnio <mea@nic.funet.fi>]

Victor Gamov wrote:
> Matti Aarnio wrote:
> > 
> >   That referred document (not mine, but that URL inside it) does tell
> > you to (by recollection):
> >         - create your own CA key
> 
>         CA.pl -newca

	Right.  Did it ask for password ?

> >         - sign your own CA key (or was this in it?)
> 
>         How I can do it?

	Possibly this wasn't at that list at all, I should
	look at the original reference myself.  If "-newca"
	did ask for a password, this "CA signing" wasn't needed.

> >         - create the application key
> 
>         CA.pl -newreq

	Right.

> >         - sign the application key with your CA key
> 
>         CA.pl -sign

	That is wrong at the original, it must be:

	  CA.pl -signcert

	Remember also to modify your  openssl.cnf  file so that
	'nsCertType' is set to 'server'.

	Then Netscape won't complain so much, and MicroSloth (IE5 ?)
	won't just groak with mystic error code without clear
	explanation...  (We *really* scratched our heads at
	my office for a few days with that..)

>         But smtpserver does not launch properly -- it cann't find start
> line in
> smtpserver-key.pem file.  When I look into this file I found that this
> file does not start with issuer/subject lines.  Is it properly?

	No, "-signcert" ...

> > Perhaps I should rewrite that document into single concise one, but
> > that has to wait a few days..
> --
> 	CU, Victor Gamov

/Matti Aarnio