Am following the often referenced
‘Scott Morris SuSEblog’ (http://www.suseblog.com/?cat=51)
Don’t know if differences between 10.3 (the SuSEblog) and 11 are
significant.
Am also trying to reconcile the generic instructions at OpenSSL
‘OpenSSL Certificate Authority Setup’
(http://sial.org/howto/openssl/ca/)
After following the SuSEblog steps, the certificates generated
(including the CA server certs themselves)continue to generate a “Level
0” error which seems to indicate that the highest level certificates
still aren’t trusted.
The OpenSSL generic instructions seem to address this by running “make
init” which doesn’t seem to apply when OpenSSL is installed from the
OpenSuSE repositories (because those files don’t seem to exist). Also,
there is some comment that once OpenSSL is installed onto a system a
Server certificate for that machine is automatically generated.
I don’t know if that would be the case, and wouldn’t really know where
to look for this. I found the /etc/ssl/ directory which appears to
likely be related to certificates with a certificate repository in the
./certs/ subdirectory, and I also found a ./private/ subdirectory (which
is empty).
Some concrete questions 
:
-
After creating a CA cert and Server Key, should placing it in the
/etc/ssl/private/ directory be sufficient to create a CA, or are there
other steps? I’ve tried moving the files to this location without
effect.
-
Can someone more generally describe the virtual or physical
architecture of a CA on SuSE? I’m a bit confused because aside from
there not being any kind of CA application, I’m wondering if there is
supposed to be pre-assigned paths, directories and possibly a config
file somewhere that governs how the OS responds and where it either
looks up CA data physically or virtually.
TIA.
–
tsu2
tsu2’s Profile: http://forums.opensuse.org/member.php?userid=2578
View this thread: http://forums.opensuse.org/showthread.php?t=401611
Maybe you