On 15 May 2002, Eric Rescorla wrote: > Chris Cleeland <[EMAIL PROTECTED]> writes: > > On Wed, 15 May 2002, John Jones wrote: [snip] > > > Steps I vaguely see, please help me if you can: > > > > > > 2) I need to use the command line utility that comes with OSSL to make > > > uh..what? A private key? A certificate? The user will never see > > > this stuff, hopefully. > > > > Yes, and Eric's book doesn't really address these issues much. I haven't > > really found any book that does in a clear and concise way. > Yeah, I don't address this at all, really. John Viega's new book > "Network Security With OpenSSL" should cover this, but it's not > available yet. For the moment, you'll have to read the OpenSSL docs.
Adams & Lloyd's _Understanding Public-Key Infrastructure_ is what I'm reading right now to try to understand what objects I need, what to put in them, and how to handle them once I've got them. It's not *too* old (1999) and seems to be a thorough survey of the issues. There's nothing at the level of detail that would allow its use as an OpenSSL cookbook -- sometimes I feel I paid $50 for a list of RFCs -- but it's good for getting a broad view of the topic. It's probably better in the long run to understand things at that level, than to have specific commands all laid out for one. I figure that I ought to come away with a deeper understanding of what I'm doing, if I work out the abstract requirements and then translate to OpenSSL specifics. I do think I'll have a look at _Network Security with OpenSSL_ when it comes out, though. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] MS Windows *is* user-friendly, but only for certain values of "user". ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
