I’ve updated the CA and the server certificates for all of our servers (mail and www). I had a CA with a lifetime of 5 years, but I forgot the passphrase I used for it, so I had to recreate it. The new cert can be downloaded and the finger print (subject key id) is 7F:E6:AF:38:E5:DC:44:F7:58:E2:40:77:61:5F:BD:EC:00:89:E5:07

If you run your own CA and for some reason would like to cross-certify with me, let me know. I’m running openssl as a CA, although I’m looking into using OpenCA, but it is a lot more complex than I need my PKI to be. I won’t have enough users to warrant putting all the certificates into an LDAP directory, nor do I really care to separate the CA and RA functions – I’m the RA, openssl is the CA, end of story

What do I want to do with this PKI? Eventually, I want to set up openswan/freeswan on the wireless network so that you must have a certificate in order to connect. I will also soon enable client authentication on some pages on my SSL server, if you need a certificate, I’ll let you know and issue you one. In any case – all of my certificates will interoperate with most clients (email and browsers) – the exceptions being older (< 4) Netscapes.

This entry was posted on Monday, January 10th, 2005 at 12:54 pm and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Possibly Related