Comments on: Be your own Certificate Authority (CA) http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ An open-source software and technology related journal Sun, 28 Feb 2010 05:55:55 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: GNot http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-6293 GNot Fri, 16 Feb 2007 10:57:54 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-6293 Although this information does not belong here, I post it because the postfix configuration is a very good example. So, according to the files that have been generated in the above article, the postfix settings inside the main.cf file that set the paths to the server's and the certification authority's certificates are: <pre> smtp_tls_CAfile = /path/to/certs/myca.crt smtp_tls_cert_file = /path/to/certs/server.crt smtp_tls_key_file = /path/to/private/server.key smtpd_tls_CAfile = /path/to/certs/myca.crt smtpd_tls_cert_file = /path/to/certs/server.crt smtpd_tls_key_file = /path/to/private/server.key </pre> Although this information does not belong here, I post it because the postfix configuration is a very good example. So, according to the files that have been generated in the above article, the postfix settings inside the main.cf file that set the paths to the server’s and the certification authority’s certificates are:

smtp_tls_CAfile = /path/to/certs/myca.crt
smtp_tls_cert_file = /path/to/certs/server.crt
smtp_tls_key_file = /path/to/private/server.key

smtpd_tls_CAfile = /path/to/certs/myca.crt
smtpd_tls_cert_file = /path/to/certs/server.crt
smtpd_tls_key_file = /path/to/private/server.key
]]> By: Paritosh http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-6273 Paritosh Fri, 16 Feb 2007 05:24:47 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-6273 According to the documentation in "http://www.g-loaded.eu/2005/11/10/be-your-own-ca" which are the files that i can use for postfix i.e tls_key_file, tls_cert_file and tls_CAfile. According to the documentation in “http://www.g-loaded.eu/2005/11/10/be-your-own-ca” which are the files that i can use for postfix i.e tls_key_file, tls_cert_file and tls_CAfile.

]]> By: GNot http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5941 GNot Sun, 04 Feb 2007 14:32:28 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5941 This is like becoming an official root or intermediate certification authority yourself. I don't know about the procedures of becoming an official authority, but I don't think it's easy, since your root certificate would have to be included in all the major browsers by default. I assume that the latter requires lots of time and money to be spent for building a worldwide trusted company. If the root cert not included in the browsers, email clients etc, then it's like having a self-signed root certificate, which you would have to persuade the whole world to insert it manually to their internet software. This is like becoming an official root or intermediate certification authority yourself. I don’t know about the procedures of becoming an official authority, but I don’t think it’s easy, since your root certificate would have to be included in all the major browsers by default. I assume that the latter requires lots of time and money to be spent for building a worldwide trusted company.
If the root cert not included in the browsers, email clients etc, then it’s like having a self-signed root certificate, which you would have to persuade the whole world to insert it manually to their internet software.

]]> By: GGeorge http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5934 GGeorge Sun, 04 Feb 2007 04:52:34 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5934 I am interested in knowing whether I can purchase a cetificate and then use it to sign certificates for use by or on behalf of others, for, say, their websites or e-mail services that I am hosting on my servers. I am interested in knowing whether I can purchase a cetificate and then use it to sign certificates for use by or on behalf of others, for, say, their websites or e-mail services that I am hosting on my servers.

]]> By: tjl http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5553 tjl Fri, 12 Jan 2007 20:38:46 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5553 I thank you also. This was very helpful! I thank you also. This was very helpful!

]]> By: Marshall http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5469 Marshall Fri, 05 Jan 2007 18:52:28 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-5469 Outstanding. Thank you for a concise, complete tutorial. Especially nice is that you create a copy of the original configuration and work with an empty directory hierarchy. Outstanding.

Thank you for a concise, complete tutorial. Especially nice is that you create a copy of the original configuration and work with an empty directory hierarchy.

]]> By: Gnot http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-4889 Gnot Thu, 05 Oct 2006 14:47:18 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-4889 I'm glad you found it useful. I’m glad you found it useful.

]]> By: Chia http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-2579 Chia Sat, 19 Aug 2006 02:01:31 +0000 http://www.g-loaded.eu/2005/11/10/be-your-own-ca/#comment-2579 Hi, Thanks your document. It helps tremendously. Appreciate your effort. Best Regards, Chia Hi,

Thanks your document. It helps tremendously.

Appreciate your effort.

Best Regards,
Chia

]]>