On Fri, Jul 28, 2000 at 08:52:44AM +0200, Gerd Schering wrote:
> are there tools that come with OpenSSL, suitable to achieve a rudimentary form
> of key and certificate management?

OpenSSL comes with the "CA.pl" script that allows for some basic functionality
of a "demoCA".
If you want more, there are pyCA and OpenCA. The complexity of setting up
and running these programs increases with their functionality.

> What I mean is this:
>       -how can I ensure that a special key does not get certified twice or for
>         another purpose?
What do you mean by "key"? You probably won't ever see the private key,
the certificate request only contains the public key.
So you want to make sure that the same request (the public key with the
DN-info to be certified) is not certified twice?
The OpenSSL demoCA with CA.pl does some checks in that regard.

>       -how/where have certs and eventually keys to be kept?

The demoCA will keep copies of the certificates issued, sorted by serial
number. The private keys are normally not known to the CA.
[Here at BTU the CA also offers to generate the key-pair for users that
don't know how, but that is another point. The normal way is that I generate
my keypair myself (genrsa), then generate my certificate request with the
public key and the certificate information (e.g. CN=emserv1.ee.tu-berlin.de)
in it and hand it to you for certification.]

Best regards,
        Lutz    (also known as [EMAIL PROTECTED])
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
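
Added example, not part of the original message and not code from OpenSSL's CA.pl: one way to check whether the public key in a new certificate request already appears in a certificate the CA has issued, whatever DN the request carries. The throwaway CA, the newcerts directory layout, the file names and the example.test CNs are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: detect a request that reuses an already-certified public key.
# All file names, directories and CNs below are constructed for this demo.
set -eu

# SHA-256 of the DER SubjectPublicKeyInfo; PEM public key is read from stdin.
spki_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}
csr_key_hash()  { openssl req  -in "$1" -noout -pubkey | spki_hash; }
cert_key_hash() { openssl x509 -in "$1" -noout -pubkey | spki_hash; }

# Print each certificate in directory $2 that carries the public key of CSR $1.
certs_with_same_key() {
    want=$(csr_key_hash "$1")
    for cert in "$2"/*.pem; do
        [ -f "$cert" ] || continue
        if [ "$(cert_key_hash "$cert")" = "$want" ]; then echo "$cert"; fi
    done
}

# Requester side: request for key $2 with CN $3, written to $4 (config in $1).
make_csr() { openssl req -config "$1" -new -key "$2" -subj "/CN=$3" -out "$4"; }

# Build a throwaway CA, one issued certificate and two new requests under $1.
setup_demo() {
    d=$1; mkdir -p "$d/newcerts"
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/min.cnf"
    for k in ca user other; do openssl genrsa -out "$d/$k.key" 2048 2>/dev/null; done
    openssl req -config "$d/min.cnf" -x509 -new -key "$d/ca.key" \
        -subj "/CN=Constructed Test CA" -days 1 -out "$d/ca.pem"
    make_csr "$d/min.cnf" "$d/user.key" host1.example.test "$d/first.csr"
    # The stand-in CA issues serial 01 for the first request.
    openssl x509 -req -in "$d/first.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/newcerts/01.pem" 2>/dev/null
    # Same key under a different CN, then a request with a fresh key.
    make_csr "$d/min.cnf" "$d/user.key"  host2.example.test "$d/reuse.csr"
    make_csr "$d/min.cnf" "$d/other.key" host3.example.test "$d/fresh.csr"
}

work=$(mktemp -d)
setup_demo "$work"
for name in reuse fresh; do
    hits=$(certs_with_same_key "$work/$name.csr" "$work/newcerts")
    echo "$name.csr: ${hits:-no issued certificate uses this key}"
done
rm -rf "$work"
```

Hashing the SubjectPublicKeyInfo instead of comparing whole requests catches a key that comes back under a different CN, which a comparison of the request files would miss.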
