On Wed, Nov 09, 2005, david kine wrote:

> I've switched over to a Linux system running OpenSSL
> 0.9.7a Feb 19 2003, and copied the CA.pl from Solaris,
> now everything works fine.
>
> Going back to my original question, I need to create a
> root CA, then create a server CA (signed with the root
> CA), then create a server certificate (signed with the
> server CA).
>
> Just like the examples in "Programming with SSL",
> pages 125 and 125.
>
> Then I will need to revoke the server CA and create a
> crl.
>
> So my question is, given that CA.pl creates a root CA,
> how do I create the server CA? Then create a server
> certificate signed with the server CA?
>
Create a new certificate request for the server CA. Then sign it with:

CA.pl -signca

Then in a different directory run CA.pl -newca again and supply it with the server certificate filename.

Then you will have two separate CA directories where you can issue certificates for each CA.

If you want to revoke the server CA you would do that from the root CA directory using "openssl ca -revoke" and "openssl ca -gencrl".

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
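
The sequence discussed in this thread, as an added example that is not part of the original messages: it uses plain `openssl` commands instead of CA.pl, builds root CA, server CA and server certificate, then revokes the server CA from the root CA's database and checks that the CRL takes effect. All subject names, file names and the minimal `ca.cnf` are constructed for the demo, and the server certificate is signed with `openssl x509 -req` as a stand-in for a second CA directory.

```shell
# Added example; every name and file below is constructed for illustration.
newreq() { openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null; }
make_chain() (   # $1 = empty working directory; returns 0 if the chain verifies
  cd "$1" && mkdir newcerts && : > index.txt && echo 01 > serial &&
  cat > ca.cnf <<'EOF' &&
[req]
distinguished_name = dn
[dn]
[ca]
default_ca = root_ca
[root_ca]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = root.pem
private_key = root.key
default_md = sha256
policy = pol
[pol]
commonName = supplied
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA: self-signed certificate carrying CA extensions.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem -days 3650 \
    -subj "/CN=Example Root CA" -config ca.cnf -extensions v3_ca 2>/dev/null &&
  # Server CA: request signed by the root with CA extensions (the -signca step).
  newreq subca "/CN=Example Server CA" &&
  openssl ca -batch -config ca.cnf -extensions v3_ca -notext -days 365 \
    -in subca.csr -out subca.pem 2>/dev/null &&
  # Server certificate: signed by the server CA, not by the root.
  newreq server "/CN=server.example.test" &&
  openssl x509 -req -in server.csr -CA subca.pem -CAkey subca.key \
    -CAcreateserial -days 365 -out server.pem 2>/dev/null &&
  openssl verify -CAfile root.pem -untrusted subca.pem server.pem >/dev/null 2>&1
)

revoke_server_ca() (   # $1 = directory from make_chain; returns 0 once revocation is visible
  cd "$1" &&
  openssl ca -config ca.cnf -revoke subca.pem 2>/dev/null &&
  openssl ca -config ca.cnf -gencrl -crldays 30 -out root.crl 2>/dev/null &&
  # With the root's CRL loaded, the server CA certificate must now be rejected.
  openssl verify -crl_check -CAfile root.pem -CRLfile root.crl subca.pem 2>&1 |
    grep -q "certificate revoked"
)

work=$(mktemp -d) && make_chain "$work" && revoke_server_ca "$work" &&
  echo "server CA revoked, CRL written to $work/root.crl"
```

Revocation only has an effect for clients that load the root's CRL and check it; a verifier that skips CRL checking will still accept the server CA and everything it signed.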