I will be happy to participate. Until now, I have written a personal how-to (in French). I use only openssl for my certificate management.
--
/°> May the GNU/Linux be with you, young Jedi!
(V)_ delete remove_NO_1SPAM from email for reply

On Tue 04/11/2003 at 10:43, Jeff wrote:
>
> I operate our CA using openssl and in-house scripting, for secure web and mail
> services with extensive use of client certificates in MSIE, Netscape, Outlook,
> Outlook Express. (Though Outlook does not seem to support client certs yet
> [anyone disagree?])
>
> I manage about ~500 active users and ~20 servers. If you are looking to manage
> 10,000s of certificates you will probably have to develop your own scripts to
> manage the CA, as the textbase must fit entirely in memory. With about 1000
> certs, the textbase is only about 150K 8-)
>
> If you understand how a CA works, then it's easy peasy. If not, you will need to
> understand how a CA works before you dive in.
>
> The documentation is poor, and last I looked, there were not many examples - it
> seems to still have a whiff of the arcane.
>
> I've often thought someone should create some MINI-HOWTOs covering the full cycle
> from CA setup and operation through to client CSR, signing and installation etc.
> It took me a lot of trial and effort to get it all hanging sweetly, esp for
> example getting MSIE to create a CSR and then install the signed cert under the
> various NT4, XPsp1 etc. I am sure that there is probably a 'Better Way'.
>
> I would be happy to contribute, but we need a recognised / trusted person to act
> as focus / coordinator. A second phase might be to refine the scripts to make
> full CA operation a breeze, maybe even in conjunction with openssl.org? [openssl
> config seems to have a lot of detritus from early days left in it]
>
> HIH,
>
> Jeff