
Re: certificate server



I will be happy to participate. Until now, I have written a personal
how-to (in French).
I use only openssl for my certificate management.


-- 
/°>  May the GNU/Linux be with you, young Jedi!
(V)_ delete remove_NO_1SPAM from email for reply

On Tue 04/11/2003 at 10:43, Jeff wrote:

> 
> I operate our CA using openssl and in-house scripting, for secure web and mail
> services with extensive use of client certificates in MSIE, Netscape, Outlook,
> Outlook Express. (Though Outlook does not seem to support client certs yet
> [anyone disagree?])
> 
> I manage about ~500 active users and ~20 servers. If you are looking to manage
> 10,000s of certificates you will probably have to develop your own scripts to
> manage the CA, as the textbase must fit entirely in memory. With about 1000
> certs, the textbase is only about 150K 8-)
> 
> If you understand how a CA works, then it's easy peasy. If not, you will need to
> understand how a CA works before you dive in.
> 
> The documentation is poor, and last I looked, there were not many examples - it
> seems to still have a whiff of the arcane.
> 
> I've often thought someone should create some MINI-HOWTOs covering the full cycle
> from CA setup and operation through to client CSR, signing and installation etc.
> It took me a lot of trial and effort to get it all hanging sweetly, esp for
> example getting MSIE to create a CSR and then install the signed cert under the
> various NT4, XPsp1 etc. I am sure that there is probably a 'Better Way'.
> 
> I would be happy to contribute, but we need a recognised / trusted person to act
> as focus / coordinator. A second phase might be to refine the scripts to make
> full CA operation a breeze, maybe even in conjunction with openssl.org? [openssl
> config seems to have a lot of detritus from early days left in it]
> 
> HIH,
> 
> Jeff


