
SSL/TLS and certificate generation/handling in debian-edu (bug 571)



At the next developer gathering in Oslo, I will focus on finding
good solutions to certificate generation and handling in Debian-edu
installations.

Problems: Automatic generation of local certificates, and distributing
	the "root" certificate to the clients automatically during
	installation.

Pregenerated certificates are a big no-no.  The private key has to
be unique, with restricted access, on each installation.

Manual signing is too cumbersome.  Getting the server certificate
signed by Thawte or Verisign is expensive.  It is also overkill,
unless the SSL server is to be accessible over the Internet.

I would like to discuss secure, yet convenient ways to automate
the process of generating a "local CA", and distributing the
"root" certificate of that local CA to the clients.

--
Herman Robak


