Re: Certificates Revocation Lists and Apache...




On Thu, 5 Nov 2009, John Doe wrote:

>> Also, there's an Apache bug that fouls things up if the "CA" and 
>> "CA SSL" root certificates both have the same CN:
>>   https://issues.apache.org/bugzilla/show_bug.cgi?id=45708
>
> Hum.. that might be the case...
> They must all use 'myhost.mydomain' as CN...
> Do you know how to specify different CNs in a common openssl.conf file?

I use a Makefile wrapper around the openssl calls. Here's a condensed 
version:

----- %< -----
#
# usage:
#
#  make my.hostname.com.csr -- generate a CSR for host
#  make my.hostname.com.crt -- build a CA-signed certificate
#

CONF = openssl.cnf
OPENSSL = openssl
SUBJECT = /C=US/ST=OR/L=Portland/O=Our Organization
CSRARGS = req -new -config $(CONF)
CRTARGS = ca -config $(CONF)

.PRECIOUS: %.key

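# Private key; .PRECIOUS above keeps make from deleting it as an intermediate file.
%.key:
	$(OPENSSL) genrsa -out $@ 2048

# CSR whose CN is the target stem ($*), so every certificate gets its own CN.
%.csr: %.key
	$(OPENSSL) $(CSRARGS) -key $^ -out $@ -subj "$(SUBJECT)/CN=$*"

# CA-signed certificate; CN is placed in the environment of the openssl call.
# $(ENV) is not defined in this condensed version and expands to nothing.
%.crt: %.csr
	$(ENV) CN=$* $(OPENSSL) $(CRTARGS) -in $^ -out $@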

----- %< -----

-- 
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
