[cvsnt] sserver with self-signed certificates

Tony Hoyle tony.hoyle at march-hare.com
Tue Mar 14 22:20:17 GMT 2006

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

Charles Oram wrote:
> OK, but is the server certificate that was generated with genkey is 
> self-signed? Can I just make my own client certifcates that are signed 
> with the server private key? And if so, how do you do it - can I just 
> use the openssl tools?
> Thanks for your help.
genkey just creates a minimal certificate for first installation.. it's 
adequeate for many people but isn't useful for client certificate use.

The openssl tools will do it - they come with scripts to make it simple 
(this is easier on unix but I see no reason why they wouldn't work on 
windows too.. you just need the ca.pl script).

There are probably tutorials online that explain it better, but it goes 
something like:

ca.pl -newca (create the CA)
Find the CA certificate and call that ca.pem, put on server & clients.
ca.pl -newreq-nodes (request a new certificate for the server)
ca.pl -sign (sign it with your CA)
Put the certificate and private key on the server
Repeat the last two for each client



More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook