On Mon, Sep 29, 2008 at 12:00:09PM -0500, CyberLeo Kitsana wrote: > Fraser Tweedale wrote: > > - Create my CA key and a CSR, and have CACert sign it. > > Are you sure it's signed as an intermediary CA? cacert.org's website > suggests they will only sign leaf certificates. > http://wiki.cacert.org/wiki/SubRoot > > Fortunately, your client certs need not be signed by the same CA as your > server cert, and it's probably somewhat pointless to have a client cert > (which will be used for your infrastructure alone) vetted by a third party. > > -- > Fuzzy love, > -CyberLeo > Technical Administrator > CyberLeo.Net Webhosting > http://www.CyberLeo.Net > <[EMAIL PROTECTED]> > > Furry Peace! - http://wwww.fur.com/peace/ >
Thanks for the clarification. I hadn't picked up on the fact that you need a special intermediary cert for the server cert to validate up the chain. Well, nevermind. It's just for personal use anyway... if only X.509 could be simple like OpenPGP :) frase
pgpqxJMTtc3na.pgp
Description: PGP signature
