mån 2012-12-17 klockan 15:23 +0100 skrev Stefan H. Holek: > Hi All! > > I have been working on an OpenSSL PKI tutorial, and the time has come where I > would like to solicit feedback from the community. The tutorial takes a > somewhat novel approach without ever referring to openssl.cnf or CA.pl > (yuck). You can find it here: > > https://pki-tutorial.readthedocs.org/ > > I am particularily interested in three things: > > a) Is there anything blatantly wrong? > b) What do you think about the configuration files? > c) Would you like to see more examples added? > > Feel free to open tickets in the issue tracker [1] or just reply to the list. > > Thank you, > Stefan > > [1] https://bitbucket.org/stefanholek/pki-tutorial/issues >
I have one question regarding your root CA signing. You use the openssl ca program to selfsign the certificate. Before a number of people has used the "req -new -x509":method (or "x509 -in crt.csr"). Stems this change from changes in openssl's features ? Also i'm thinking about you use of concatenating of a certificate and its ca certs. I would like to see more explanations of why you distribute certs and crls as DER compared with PEM and in what cases this is necessary. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
