Daniel P. Berrange wrote:
At the corporate end I'd expect them to have formal CA & certificate issuing procedures. Most community folks will likely end up just creating a private self-signed CA cert - if we document it, its a fairly trivial command or two to run using openssl, or certtool.
OpenSSL seems to come with a Perl script called CA.pl which actually makes creating a CA and signing certs trivial. Needless to say the documentation for this is very poor (there must be some sort of plot by the OpenSSL/PKI people to make encryption seem unnecessarily complex) but I did find some online documentation for this which unfortunately I can't find again. I'll keep looking ...
Rich. -- Red Hat UK Ltd. 64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421 (will change soon)