Threaded Mode | Linear Mode

rsmithgs · 04-03-2008 04:59 AM

http://www.cacert.org/

Dont quite know how reconised the certificates are though.

Think some dedicated server providers do free SSL certs with packages. But they have to remain with that server.

DaSilva · 04-03-2008 06:01 AM

This cacert gives me a free certificate after the successful test or what?

rsmithgs · 04-03-2008 06:20 AM

Dunno.

I would try and check to see what percentage of browsers will see the certificate as a valid one. Otherwise your back to square one.

Edit : Found this on the site

(*) Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).

Which would be the same for your self signed certificates.

Though by spreading CAcerts instead of your self signed ones you are helping the spread of the CAcert Root certificate

DaSilva · 04-04-2008 06:49 PM

I know have a certificate from StartSSL but I don't know how to implement it to my server because I only have a *.crt , a *.csr and a *.key file but no *.pem .
How can I use this now?
Thanks.

rsmithgs · 04-04-2008 07:06 PM

DaSilva Wrote:I know have a certificate from StartSSL but I don't know how to implement it to my server because I only have a *.crt , a *.csr and a *.key file but no *.pem .
How can I use this now?
Thanks.

I think you can copy your *.crt and rename the copy *.pem

Cube · 04-04-2008 08:14 PM

But StartSSL is not trusted as well as far as I see.

rsmithgs · 04-04-2008 08:46 PM

Cube Wrote:But StartSSL is not trusted as well as far as I see.

That does look like the case.

If you do not want the certificate errors to appear in the web browser and are looking to get a certificate for free you will need to get the clients to install your certificate on the PC they are using. TO get a reconised certificate you will need to pay money.

fulltilt · 05-20-2008 03:28 AM

error by certificate generation

if i use:

Code:

openssl genrsa -out apache.key.pem -rand private/.rand 2048

openssl req -new -key apache.key.pem -out apache.req.pem

openssl ca -name RootCA -in apache.req.pem -out apache.cert.pem

i get this error in last step openssl ca:

Code:

Using configuration from /usr/lib/ssl/openssl.cnf

variable lookup failed for RootCA::private_key

21745:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=RootCA name=private_key

thibotus01 · 08-01-2009 08:12 PM

This error is still unsolved? I got the same...... Rolleyes

MasterTH · 08-02-2009 04:49 AM

i used the script several times.
may u forget something in the howto??

Threaded Mode \| Linear Mode [HowTo] Create your own SSL CA and secure multiple services
Author	Message