Hi, I'd like to thank all who contributed. > If you don't want to run your own certificate authority or pay a > commercial one to sign your key, and you don't have a lot of > certificates to deal with, you can have each key simply be self-signed, > which I believe is what's being recommended here. Actually, there are a number of reasons why I want to run a more fully featured CA: -> I'd like to use certs for authenticating slave openldapservers. -> I want to use the certs to let laptopusers send mail through my mailservers. -> I want to have a system to let pops and imaps users install the certificates on their machines through a simple webinterface. -> It has to be operated w/o a gui.
I think I'll end up with pyca (www.pyca.org) as it seems to have most of these features in place. The other possibilities are openca which is IMHO to complicated for my needs and tinyca (that many on this list suggested) that doesn't (please correct me if I'm wrong) give me the finished scripts for importing certs in outlook, IE, Mozilla and other programs. If there are other alternatives out there, please let me know. Again, I thank you for your contributions. Tarjei > noah >
