Re: Need pointers on managing client certs...
kdd21_at_hotmail.com
Date: 06/06/05
- Previous message: kdd21_at_hotmail.com: "Re: Need pointers on managing client certs..."
- In reply to: Colin McKinnon: "Re: Need pointers on managing client certs..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 6 Jun 2005 11:37:45 -0700
Oh, and a couple of other questions about Colin's response:
>IIRC updating the local CRL should just be a matter of dropping the
>published CRL file into whatever openssl.cnf defines as crl_dir.
Ok, but what "published CRL file" and how to I get it? Should I create
a curl cron job that grabs it over the web at periodic intervals?
>1) you don't really require a client certificate
Seems likely I guess. Here's hoping...
>2) you create a client certificate signed with your own self-sgned root CA
>(unless the server has a copy of the public root CA this has no benefits
>over 1 above) in which case you can choose how long it's valid for.
The server is using Verisign, isn't it the CA in this case? If not,
how do I figure out how to do what you just said?...
>3) you are being supplied with a certificate - in which case you don't have
>much choice in the matter.
Not sure what that means. How would I be "supplied" with a
certificate?
Thanks,
-- KD
- Previous message: kdd21_at_hotmail.com: "Re: Need pointers on managing client certs..."
- In reply to: Colin McKinnon: "Re: Need pointers on managing client certs..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
