From owner-freebsd-questions Sun Apr 15 20:59: 1 2001 Delivered-To: freebsd-questions@freebsd.org Received: from sapphire.hypostasis.com (210-54-89-147.ipnets.xtra.co.nz [210.54.89.147]) by hub.freebsd.org (Postfix) with ESMTP id B0B3837B424 for ; Sun, 15 Apr 2001 20:58:57 -0700 (PDT) (envelope-from kit@hypostasis.com) Received: from amethyst.hypostasis.com (amethyst.hypostasis.com [192.168.2.2]) by sapphire.hypostasis.com (8.11.3/8.11.2) with ESMTP id f3G3agO02723 for ; Mon, 16 Apr 2001 15:36:42 +1200 (NZST) (envelope-from kit@amethyst.hypostasis.com) Received: (from kit@localhost) by amethyst.hypostasis.com (8.11.3/8.11.2) id f3G48Xc36117 for questions@freebsd.org; Mon, 16 Apr 2001 16:08:33 +1200 (NZST) (envelope-from kit) Date: Mon, 16 Apr 2001 16:08:32 +1200 From: kit To: questions@freebsd.org Subject: OpenSSL certificate signing Message-ID: <20010416160832.A35693@amethyst.hypostasis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi I was looking for the CA.pl et al. to sign a certificate for internal use. In the process I discovered that also the man pages were selective in their install - OK that seems to be controlled by #WANT_OPENSSL_MANPAGES= true which points out that it overwrites some system manpages. OK Next step try the modssl port (A sneaky feeling that the openssl one was not a goer) as the mod ssl page keeps coming up as the resource on certificate signing. But I need to do it as a part of the apache+modssl port - maybe later I try a make extract on the openssl port - forbidden openssl already installed. Ok Ok I guessed that already :) poking around in /usr/src/crypto seems to indicate that all the bits are there, but just not installed. Hmm. Nothing in /etc/defaults/make.conf seems relevant. This seems to indicate that I'm probably taking the wrong approach especially when I note the dates in CA.sh Apr-96. I'm 95 years too early. So what is the best way to sign the certificates? Is it that the commandline tool is it in its bare bones? Or that there is another tool hidden somewhere (probably in plain sight) Or is the FreeBSD openssl config more suitable to signing than the bare original? I guess the next step is a make extract on apache+modssl to have a look at sign.sh. Any pointers or references to current documnetation would be greatly appreciated, --kit To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message