[sclug] openCA / CA on Linux
Steven Lane
steve.lane at alphacourt.com
Sat Oct 25 09:05:33 UTC 2003
Rick,
Thanks for the response.
I need something of commercial strength without paying for something like
RSA Keon or Balitimore Unicert that includes certificate management and
certificate revocation. I considered using Windows 2000 which is
satisfactory but not ideal. I want to investigate a Linux solution. Ideally
I need a solution that is easy to administer and is able to interface to
PKCS#11 hardware for holding the master keys.
Whilst we are on the subject has anyone implemented FIPS 140-1 Level 3 /4
crypto hardware such as the IBM 4758 Crypto coprocessor under Linux and can
recommend / comment / point at information.
Kind Regards
Steve
----------------------------------------------------------------------
Steven Lane
Information Security Consultant
Alphacourt Limited
The Integration Practice
Telephone: +44 (0) 1793 616199
Mobile: +44(0) 7887 933440
Email: steve.lane at alphacourt.com
www: http://www.alphacourt.com
Worried about security in a WebSphere MQ environment?
Want advice on implementing SSL for WebSphere MQ?
Come to "ask the expert" at http://www.alphacourt.com
------------------------------------------------------------------------
-----Original Message-----
From: sclug-admin at sclug.org.uk [mailto:sclug-admin at sclug.org.uk]On
Behalf Of Rick Payne
Sent: 13 February 2003 17:08
To: Steven Lane; sclug at sclug.org.uk
Subject: Re: [sclug] openCA / CA on Linux
--On Thursday, February 13, 2003 5:02 pm +0000 Steven Lane
<steve.lane at alphacourt.com> wrote:
> Does anybody know where to find a guide to setting up a CA on Linux? I
> guess this is going to be openCA but I have yet to find a step by step
> cookbook for setting it up. Anybody able to help?
I use CA.pl - which came with openssl at one point. Its pretty
straightforward to use:
./CA.pl -h
usage: CA -newcert|-newreq|-newca|-sign|-verify
So you '-newca' to create your CA. '-newreq' to create the request, and
'-sign' to sign it from your CA.
I can mail you the script if you can't find it.
Rick
_______________________________________________
sclug mailing list
sclug at sclug.org.uk
http://www.sclug.org.uk/mailman/listinfo/sclug
More information about the Sclug
mailing list