[Gllug] IIS and OpenSSL certs
Peter Grandi
pg_gllug at gllug.for.sabi.co.UK
Mon Sep 19 14:15:13 UTC 2005
>>> On Mon, 19 Sep 2005 13:47:39 +0100, Dean Wilson
>>> <dwilson at unixdaemon.net> said:
dwilson> I'm currently trying to set up a self-signed cert for
dwilson> an IIS 5 webserver. I'm using OpenSSL and I'm not
dwilson> getting very far. Has anyone does this and got it
dwilson> working? (I assume it's just me making a mistake) and
dwilson> do you have any good docs pointers? Or should I just
dwilson> bite the bullet and use MS Certificate server?
Well, because the whol story is badly designed (certificates,
ASN, OpenSSL) it is a mess... Doing certificates well is not at
all easy, doing them badly is sort of easy.
The two best options are:
* For a very simple approach, use the GNU TLS certificate
generation tool, it is much much easier to use than the
OpenSSL one. It is called 'certtool'.
http://WWW.GNU.org/software/gnutls/manual/html_node/Invoking-certtool.html
* For a more comprehensive approach, I have written a set of
template certificate generation files and a 'make' based
system for their generation which you can get here:
http://WWW.sabi.co.UK/Cfg/SSL/
Futile warning: please take some care to understand what is
going on, because the it is not trivial.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list