This seemed the best group for this, so here goes

Can someone explain what a Root Certificate Authority is
and how it relates to a Common Server Certificate

I know how to make it work ( as in what to click and stick in the boxes and
how to generate certificate for clients etc ) but I don’t really get the fundamentals

Possible this answer is going to be loooooooong so if anyone feels like
doing me a certificate for dummies reply I would appreciate it, alternatively
if you could point me to a good ( ideally a opensuse specific ) idiots guide
that would be good too



The system is hierarchical. The Root CA is at the top of the hierarchy. Trust is supposed flow down the hierarchy.

In a simple arrangement, the root CA signs a server certificate, and that signature certifies the validity of the server certificate to the extent that the root CA has chosen to investigate that validity.

In a more complex arrangement, the root CA might sign a certificate for a secondary CA, and in turn that secondary CA signs the server certificate.

I might post a longer “certificates for dummies” at my blog. I hope you don’t mind my stealing that title. If I do decide to post that, then I’ll add a link in this thread.

I would appreciate a “Certificates for dummies”. Blog, or otherwise. :slight_smile:

Certificates for Dummies would be great - they confuse the heck out of me !



I have now setup a Certificates for Dummies post at my blog. I hope it is useful.


Usefull introduction.

And calling names: there were updates in the Update repo (now about a month ago) where FF removed Diginotar from it’s list of trusted CAs.
People reading your "Certificates for dummies"carefuully will now be able to understand waht this means.

That case is an example of what I meant by “The record of CAs has been spotty.”

I meant to get back to you sooner. Thank you for the blog post
It was very useful - best wishes



Are you good with NFS4 as well ???

  • See my earlier post



I have not used much NFS with linux. It would be better for somebody with more experience to write up something about NFS4.

Please, that is very, very off-topic here. When you have an NFS question/problem, start a thread with an explaining title in the Network forum. That might draw the attention of NFS gurus. Not when you hide your question in this thread which has avery different subject.