Re: Looking for a simple SSL-CA package
On Sat, Aug 23, 2003 at 07:38:25PM +0200, Adam ENDRODI wrote:
> On Fri, Aug 22, 2003 at 01:04:54PM -0400, Matt Zimmerman wrote:
> > On Thu, Aug 21, 2003 at 12:56:30PM +0200, Tarjei Huse wrote:
> >
> > > I'm no expert on handling certificates and I hope not having to learn
> > > all the commandline switches of openssl by heart. However, I do need a
> > > simple setup of a CA that I may use for creating selfsigned
> > > certificates, webpages that clients may use to import the certificates
> > > and also a way to organize certificare revocationlists etc.
> >
> > You don't need a CA to create self-signed certificates (by definition there
> > is no CA involved if the certificate is self-signed).
>
> Perhaps I just misinterpret the terminology, but I've had the
> impression that every certificate should be signed, so should the
> root of the tree too. Since they sit at the top of the hierarchy
> they must be self signed. Am I missing something?
It doesn't sound like you're missing something, except insofar as you seem
to think that what you said conflicts somehow with what I said.
--
- mdz
Reply to: