Thread: SuSE 11 Setup Certificate Authority?

  1. #1
    tsu2 NNTP User

    SuSE 11 Setup Certificate Authority?


    Am following the often referenced
    'Scott Morris SuSEblog' (http://www.suseblog.com/?cat=51)

    Don't know if differences between 10.3 (the SuSEblog) and 11 are
    significant.

    Am also trying to reconcile the generic instructions at OpenSSL
    'OpenSSL Certificate Authority Setup'
    (http://sial.org/howto/openssl/ca/)

    After following the SuSEblog steps, the certificates generated
    (including the CA server certs themselves) continue to generate a "Level
    0" error which seems to indicate that the highest level certificates
    still aren't trusted.

    The OpenSSL generic instructions seem to address this by running "make
    init" which doesn't seem to apply when OpenSSL is installed from the
    OpenSuSE repositories (because those files don't seem to exist). Also,
    there is some comment that once OpenSSL is installed onto a system a
    Server certificate for that machine is automatically generated.

    I don't know if that would be the case, and wouldn't really know where
    to look for this. I found the /etc/ssl/ directory which appears to
    likely be related to certificates with a certificate repository in the
    ./certs/ subdirectory, and I also found a ./private/ subdirectory (which
    is empty).

    Some concrete questions:
    1. After creating a CA cert and Server Key, should placing it in the
    /etc/ssl/private/ directory be sufficient to create a CA, or are there
    other steps? I've tried moving the files to this location without
    effect.

    2. Can someone more generally describe the virtual or physical
    architecture of a CA on SuSE? I'm a bit confused because aside from
    there not being any kind of CA application, I'm wondering if there is
    supposed to be pre-assigned paths, directories and possibly a config
    file somewhere that governs how the OS responds and where it either
    looks up CA data physically or virtually.

    TIA.


    --
    tsu2
    ------------------------------------------------------------------------
    tsu2's Profile: http://forums.opensuse.org/member.php?userid=2578
    View this thread: http://forums.opensuse.org/showthread.php?t=401611


  2. #2
    Monex NNTP User

    Re: SuSE 11 Setup Certificate Authority?


    Hi,

    To your questions:
    1. What do you expect? It is your decision where to store your
    certificates and you have to configure the apps accordingly where you
    stored your certificates. Anyway, it might be a good decision not to
    store the private key for the root CA on the same system. Maybe you
    get more info when following the discussions here 'Where to put SSL
    Certificates/Key in Suse 11 - openSUSE Forums'
    (http://tinyurl.com/6484k5) and 'Creating a CA in openSUSE - openSUSE
    Forums' (http://tinyurl.com/5u5nzu)

    2. There is a CA module for YaST and you can also use tinyca2 as a CA
    application. You already found the proposed paths but none of the
    applications will use them automatically. You have to configure every
    application separately so that they will use your certs.

    Hope this helps


    --
    Monex
    ------------------------------------------------------------------------
    Monex's Profile: http://forums.opensuse.org/member.php?userid=160
    View this thread: http://forums.opensuse.org/showthread.php?t=401611

