Richard W.M. Jones wrote:
Daniel P. Berrange wrote:
At the corporate end I'd expect them to have formal CA & certificate
issuing
procedures. Most community folks will likely end up just creating a
private
self-signed CA cert - if we document it, its a fairly trivial command or
two to run using openssl, or certtool.
OpenSSL seems to come with a Perl script called CA.pl which actually
makes creating a CA and signing certs trivial. Needless to say the
documentation for this is very poor (there must be some sort of plot by
the OpenSSL/PKI people to make encryption seem unnecessarily complex)
but I did find some online documentation for this which unfortunately I
can't find again. I'll keep looking ...
This one:
http://sandbox.rulemaker.net/ngps/m2/howto.ca.html
Rich.
--
Red Hat UK Ltd.
64 Baker Street, London, W1U 7DF
Mobile: +44 7866 314 421 (will change soon)