[Gllug] IIS and OpenSSL certs

Peter Grandi pg_gllug at gllug.for.sabi.co.UK
Mon Sep 19 14:15:13 UTC 2005


>>> On Mon, 19 Sep 2005 13:47:39 +0100, Dean Wilson
>>> <dwilson at unixdaemon.net> said:

dwilson> I'm currently trying to set up a self-signed cert for
dwilson> an IIS 5 webserver.  I'm using OpenSSL and I'm not
dwilson> getting very far. Has anyone does this and got it
dwilson> working? (I assume it's just me making a mistake) and
dwilson> do you have any good docs pointers?  Or should I just
dwilson> bite the bullet and use MS Certificate server?

Well, because the whol story is badly designed (certificates,
ASN, OpenSSL) it is a mess... Doing certificates well is not at
all easy, doing them badly is sort of easy.

The two best options are:

* For a very simple approach, use the GNU TLS certificate
  generation tool, it is much much easier to use than the
  OpenSSL one. It is called 'certtool'.

    http://WWW.GNU.org/software/gnutls/manual/html_node/Invoking-certtool.html

* For a more comprehensive approach, I have written a set of
  template certificate generation files and a 'make' based
  system for their generation which you can get here:

    http://WWW.sabi.co.UK/Cfg/SSL/

Futile warning: please take some care to understand what is
going on, because the it is not trivial.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list