[cvsnt] sserver with self-signed certificates

Tony Hoyle tony.hoyle at march-hare.com
Tue Mar 14 22:20:17 GMT 2006


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Charles Oram wrote:
> OK, but is the server certificate that was generated with genkey is 
> self-signed? Can I just make my own client certifcates that are signed 
> with the server private key? And if so, how do you do it - can I just 
> use the openssl tools?
> Thanks for your help.
> 
genkey just creates a minimal certificate for first installation.. it's 
adequeate for many people but isn't useful for client certificate use.

The openssl tools will do it - they come with scripts to make it simple 
(this is easier on unix but I see no reason why they wouldn't work on 
windows too.. you just need the ca.pl script).

There are probably tutorials online that explain it better, but it goes 
something like:

ca.pl -newca (create the CA)
Find the CA certificate and call that ca.pem, put on server & clients.
ca.pl -newreq-nodes (request a new certificate for the server)
ca.pl -sign (sign it with your CA)
Put the certificate and private key on the server
Repeat the last two for each client

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x160.html
http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x195.html

Tony



More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook