I've been looking all over (google, wiki, manuals) for docs, and I can't find any mention of how to set up a CA or certificates *specifically for centos 5 / upstream 5*. There are plenty of generic guides on using openssl for this sort of thing, but I'd like to play nice within the standard structure of this system. I've found the /etc/pki directory, but can't find much information about it. I reviewed the openssl.cnf file, and it looks like it's not completely set up, as many directories it references do not exist on the system. What I'm looking to do is set up my own CA, then make some certificates for use with SSL, and sign them with the CA. This will be used for internal purposes. Any pointers to guides or information would be appreciated. Thanks.
On Monday, August 27, 2007 5:19 PM -0400 Brian Mathis <brian.mathis at gmail.com> wrote:> I've found the /etc/pki directory, but can't find much information > about it. I reviewed the openssl.cnf file, and it looks like it's not > completely set up, as many directories it references do not exist on > the system.A good place to start is /etc/pki/tls/certs/Makefile. I've just started using CentOS5, migrating from Fedora, so I'm not yet up to speed on the relocation of OpenSSL from /usr/share/openssl to /etc/pki/tls, but that Makefile is mostly what I used to create self-signed certs, or I used variations of the commands it suggested.
On Mon, 2007-08-27 at 17:19 -0400, Brian Mathis wrote:> I've been looking all over (google, wiki, manuals) for docs, and I > can't find any mention of how to set up a CA or certificates > *specifically for centos 5 / upstream 5*. There are plenty of generic > guides on using openssl for this sort of thing, but I'd like to play > nice within the standard structure of this system. > > I've found the /etc/pki directory, but can't find much information > about it. I reviewed the openssl.cnf file, and it looks like it's not > completely set up, as many directories it references do not exist on > the system. > > What I'm looking to do is set up my own CA, then make some > certificates for use with SSL, and sign them with the CA. This will > be used for internal purposes. > > Any pointers to guides or information would be appreciated. > Thanks.Hi Brian, I did some more digging and maybe this link has some information that is useful: http://blog.laimbock.com/2007/08/28/svn-and-websvn-over-ssl-with-self-signed-certificates/ The self-signed certificate stuff is at item 10 to 14 (skip 12). Regards, Patrick
Brian Mathis wrote:> I've been looking all over (google, wiki, manuals) for docs, and I > can't find any mention of how to set up a CA or certificates > *specifically for centos 5 / upstream 5*. There are plenty of generic > guides on using openssl for this sort of thing, but I'd like to play > nice within the standard structure of this system. >Consider getting TinyCA2 from rpmforge. It more than does the job. In fact you can create your own root cert and any number of server certs. then just the one root cert installed in browsers will take care of all your TLS needs.> I've found the /etc/pki directory, but can't find much information > about it. I reviewed the openssl.cnf file, and it looks like it's not > completely set up, as many directories it references do not exist on > the system. > > What I'm looking to do is set up my own CA, then make some > certificates for use with SSL, and sign them with the CA. This will > be used for internal purposes. > > Any pointers to guides or information would be appreciated. > Thanks. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >
On 8/27/07, Brian Mathis <brian.mathis at gmail.com> wrote:> I've been looking all over (google, wiki, manuals) for docs, and I > can't find any mention of how to set up a CA or certificates > *specifically for centos 5 / upstream 5*. There are plenty of generic > guides on using openssl for this sort of thing, but I'd like to play > nice within the standard structure of this system. > > I've found the /etc/pki directory, but can't find much information > about it. I reviewed the openssl.cnf file, and it looks like it's not > completely set up, as many directories it references do not exist on > the system. > > What I'm looking to do is set up my own CA, then make some > certificates for use with SSL, and sign them with the CA. This will > be used for internal purposes. > > Any pointers to guides or information would be appreciated. > Thanks. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >take a look at : http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html -- Leonel
Apparently Analagous Threads
- Suggestions for a plug and play CA certificate manager?
- which commands do you use to SSL certify your own server?
- SSL certificate?
- BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
- Certificat Outlook 2003