Dr. Stephen Henson wrote:
[---]
> I'd speculate that "x509" is automated whereas the "ca" utility
> has support for user intervention. You can do almost everything with "x509"
> that you can with "ca". The most notable difference is that you can only
> generate CRLs using the "ca" utility.
Yes,
On Wed, Dec 02, 2009, Jan Danielsson wrote:
> Hello,
>
>I've been trying to wrap my head around certificate signing, and how
> it differs when using "x509" and "ca". Please correct me if I'm wrong:
>
Well they've been about since SSLeay so I can't comment on the precise
motivation.
I'd spe
Hello,
I've been trying to wrap my head around certificate signing, and how
it differs when using "x509" and "ca". Please correct me if I'm wrong:
(This is wild speculation on my part) x509 is the "traditional" way
to sign CSR's. Somewhere along the line, someone thought it was too
complica
Looking at RSE's mkcert.sh (from mod_ssl) I found
that it is obviously *not* required to use the ca
command to sign a CSR with a CA's certificate; this
can very well be done with the x509 command.
OTOH, the ca command seems to be the only way to
create a CRL. Is this observation correct? The crl
