On 22/01/2018 3:52 pm, Viktor Dukhovni wrote:
>
>> On Jan 22, 2018, at 10:06 AM, Danny Horne <da...@trisect.uk> wrote:
>>
>> Private CA sounds interesting, will have to read up about it
> You can get away with a lot less complexity than the usual OpenSSL CA.
> See, for example:
>
>
> https://raw.githubusercontent.com/openssl/openssl/master/test/certs/mkcert.sh
>
> which creates certificates via "openssl x509 -req" without all the overhead of
> a stateful CA. What you'd do differently is password-protect the CA key, and
> perhaps issue certificates with a somewhat shorter lifetime than the 100 years
> in that script.
>
I'll stick with what I have for now. Read up about creating a private
CA and it went over my head; I also couldn't figure out what input that
script needed from me.
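
The approach from the quoted reply (certificates issued with "openssl x509 -req", a password-protected CA key, shorter lifetimes), as an added example that is not part of the original thread and is not the OpenSSL project's mkcert.sh. Assumptions: the CA name, the host name mail.example.org, the 5-year and 90-day lifetimes, the passphrase file, and the random serial via -set_serial are all choices made for this demo.

```shell
#!/usr/bin/env bash
# Added example: a stateless private CA built on "openssl x509 -req".
# Names, lifetimes and the passphrase file are assumptions for this demo.
set -eu
umask 077   # key files are created readable by the owner only

make_ca() {   # make_ca <dir> <passfile>
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' 'CN=Example Private CA' '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' \
    'subjectKeyIdentifier=hash' > "$1/ca.cnf"
  # CA key encrypted with AES-256; the passphrase is read from a file, not argv.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass "file:$2" -out "$1/ca.key"
  # Self-signed root valid for 5 years.
  openssl req -new -x509 -config "$1/ca.cnf" -key "$1/ca.key" \
    -passin "file:$2" -sha256 -days 1825 -out "$1/ca.pem"
}

issue_cert() {   # issue_cert <dir> <passfile> <dns-name> <days>
  # Leaf key and CSR; the leaf key stays unencrypted so a daemon can load it.
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$1/$3.key" -subj "/CN=$3" -out "$1/$3.csr"
  printf '%s\n' 'basicConstraints=CA:FALSE' "subjectAltName=DNS:$3" \
    'extendedKeyUsage=serverAuth' > "$1/$3.ext"
  # Random serial instead of a serial file, so the CA keeps no state on disk.
  openssl x509 -req -in "$1/$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -passin "file:$2" -set_serial "0x$(openssl rand -hex 16)" -sha256 \
    -days "$4" -extfile "$1/$3.ext" -out "$1/$3.pem"
}

# Demo run in a scratch directory with a constructed passphrase.
demo=$(mktemp -d)
printf '%s\n' 'constructed-demo-passphrase' > "$demo/ca.pass"
make_ca "$demo" "$demo/ca.pass"
issue_cert "$demo" "$demo/ca.pass" mail.example.org 90
openssl verify -CAfile "$demo/ca.pem" "$demo/mail.example.org.pem"
```

For real use, drop the passphrase file and the -pass/-passin options so OpenSSL prompts for the CA passphrase, and distribute only ca.pem to clients.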