Comment 67 for bug 305264

Andy Wettstein (ajw-uiuc) wrote :

I am using a self created CA with certificates signed by it.

I used this command to create it:
openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout physicsCA/private/cakey.pem -out physicsCA/cacert.pem -days 2190

I create and sign the certificates with these commands:

openssl req -config openssl.cnf -new -nodes -keyout $1.key -out $1.csr -days 1065
openssl ca -config openssl.cnf -policy policy_anything -out $1.crt -infiles $1.csr

The CA certificate file is distributed to all of my machines and is specified in the ldap.conf.

If you want me to attach the openssl.cnf let me know.