Date: Mon, 14 Jan 2002 16:33:16 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: Terry Lambert <tlambert2@mindspring.com> Cc: freebsd-hackers@FreeBSD.org Subject: Re: [OT] OpenSSL, certification chains and Exim Message-ID: <91603.1011018796@axl.seasidesoftware.co.za> In-Reply-To: Your message of "Fri, 11 Jan 2002 11:18:43 PST." <3C3F3A93.C1ECF9B0@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Jan 2002 11:18:43 PST, Terry Lambert wrote: > So my advise is: > > A) Self-sign a signing certficate > B) Install it as authoritative in the software > C) Sign a leaf certificate (a *non-signing* certificate) > with the signing certificate, and use that one in your > server software Thanks, Terry. This was enormously helpful, just in terms of providing a framework within which to structure further google searches. I've managed to find some web pages describing exactly how to do what you've suggested above. [Google: openssl leaf certificate] > RFC 1423 is a good starting point, and there are a lot of nice > books on the subject, but I don't think any of them are less > than ~300 pages. Just out of curiosity, what does RFC 1423 call what you refer to as "leaf certificates"? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?91603.1011018796>