Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to email@example.com.
Charles Oram wrote: > OK, but is the server certificate that was generated with genkey is > self-signed? Can I just make my own client certifcates that are signed > with the server private key? And if so, how do you do it - can I just > use the openssl tools? > Thanks for your help. > genkey just creates a minimal certificate for first installation.. it's adequeate for many people but isn't useful for client certificate use. The openssl tools will do it - they come with scripts to make it simple (this is easier on unix but I see no reason why they wouldn't work on windows too.. you just need the ca.pl script). There are probably tutorials online that explain it better, but it goes something like: ca.pl -newca (create the CA) Find the CA certificate and call that ca.pem, put on server & clients. ca.pl -newreq-nodes (request a new certificate for the server) ca.pl -sign (sign it with your CA) Put the certificate and private key on the server Repeat the last two for each client http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x160.html http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x195.html Tony