Results 1 to 2 of 2

Thread: SuSE 11 Setup Certificate Authority?

  1. #1
    Join Date
    Jun 2008
    San Diego, Ca, USA
    Blog Entries

    Question SuSE 11 Setup Certificate Authority?

    Am following the often referenced
    Scott Morris SuSEblog

    Don't know if differences between 10.3 (the SuSEblog) and 11 are significant.

    Am also trying to reconcile the generic instructions at OpenSSL
    OpenSSL Certificate Authority Setup

    After following the SuSEblog steps, the certificates generated (including the CA server certs themselves)continue to generate a "Level 0" error which seems to indicate that the highest level certificates still aren't trusted.

    The OpenSSL generic instructions seem to address this by running "make init" which doesn't seem to apply when OpenSSL is installed from the OpenSuSE repositories (because those files don't seem to exist). Also, there is some comment that once OpenSSL is installed onto a system a Server certificate for that machine is automatically generated.

    I don't know if that would be the case, and wouldn't really know where to look for this. I found the /etc/ssl/ directory which appears to likely be related to certificates with a certificate repository in the ./certs/ subdirectory, and I also found a ./private/ subdirectory (which is empty).

    Some concrete questions :
    1. After creating a CA cert and Server Key, should placing it in the /etc/ssl/private/ directory be sufficient to create a CA, or are there other steps? I've tried moving the files to this location without effect.

    2. Can someone more generally describe the virtual or physical architecture of a CA on SuSE? I'm a bit confused because aside from there not being any kind of CA application, I'm wondering if there is supposed to be pre-assigned paths, directories and possibly a config file somewhere that governs how the OS responds and where it either looks up CA data physically or virtually.


  2. #2
    Join Date
    Jun 2008

    Default Re: SuSE 11 Setup Certificate Authority?


    to your questions:
    1. what do you expect? It is your decision where to store you certifications and you have to configure the apps accordingly where you stored you certificates. Anyway it might be a good decisions not to store the private key for the root CA on the same system Maybe you get more infos when following the discussions here Where to put SSL Certificates/Key in Suse 11 - openSUSE Forums and Creating a CA in openSUSE - openSUSE Forums

    2. There is a CA module for YaST and you can also use tinyca2 as a CA application. You already found the proposed paths but none of the applications will use them automatic. You have to configure every application separate so that they will use your certs.

    Hope this helps

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts