Ssl

From Arnout Engelen

• http://www.flatmtn.com/computer/Linux-SSLCertificates.html
• http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html
• http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x160.html
• http://www.apache-ssl.org/
• http://hausheer.osola.com/docs/9
• http://www.garex.net/apache/#CACreation

[edit] Root CA

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365

• cakey.pem -> geheim. Handig om het wachtwoord uit de key te slopen, voor het starten van apache.
• cacert.pem -> publiek

[edit] Client certificates

So far (not working):

$ openssl genrsa -out client.key 1024
$ openssl req -new -key client.key -out client.csr
$ openssl x509 -req -in client.csr -out client.cert -signkey cakey.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -days 365
$ openssl pkcs12 -export -in client.cert -inkey client.key -out client.p12
No certificate matches private key