Certificate Management and Installation with OpenSSL

Why These Guides?

OpenSSL is a very impressive project, delivering a stunning amount of functionality. Its command specific documentation is very good, and usually sufficiently comprehensive for your needs. However, when it comes to documents describing higher level functionality, such as tasks which span multiple bits of OpenSSL (and hence multiple man pages), it can be lacking. And, even where this sort of documentation isn't lacking, it can be hard to find what you're looking for. So, after having struggled to make Pine recognise a non mainstream CA, I decided to write these documents.

Before Using These Guides

It is assumed throughout these guides that you have a basic understanding of public/private key cryptography, and a fair idea of how to admin your current system.

If you aren't completely sure of the difference between a certificate and a public key, between a signature and a certificate, or between key pairs and certificates, then you may struggle. If this is the case, your best bet is to go to the links section and read a tutorial or two linked from there

Index Of Guides

Other People's Certificates

• Installing CA Certificates into the OpenSSL framework
• Installing Remote Server Certificates into the OpenSSL framework
• Installing Self Signed Certificates into the OpenSSL framework
• Installing and using CRLs (Certificate Revocation Lists) within the OpenSSL or Apache framework
• Installing CA Certificates on Mac OSX, for use by it, Safari etc
• Installing CA Certificates for use with OpenLDAP
• Installing CA Certificates for use within Java

Certificates And Email Clients

• Configuring pine to use TLS / SSL
• Making pine do SMIME
• Configuring mutt to use TLS / SSL

Your Own Cerificates

• Generating and Installing Your Certificates And Keys With Apache
• Generating and Installing Your Certificates And Keys With The UW-IMAP Server
• Serving Your Certificates To Browsers
• Installing Certificates and Private Keys for use by STunnel etc (still to do)
• Installing Certificates and Private Keys to use as client certificates for SMime and authentication (still to do)
• Checking what Certificate You Are Serving
• Some Tips for working with IIS and certificates

OpenSSL as a CA

• Setting up your CA key and certificate
• Signing people's keys
• Revoking Certificates with your CA (And telling people about this using CRLs)

Common Errors and Pitfalls

• error 18 at 0 depth lookup:self signed certificate
• Pine Error: There was a failure validating the SSL/TLS certificate for the server

Mobile Devices

• Mime Types for Delivery
• Mobile Certificate Formats
• Software for Handling Mobile Certificates
• Useful Links

General

• Certificate And Key Formats
• Converting Certificate Formats
• Multiple Certificates In One File
• Using OpenSSL to get a CA Certificate
• Using OpenSSL to get a Server Certificate
• Alternatives to running your own CA
• Links to other documents etc

Mirroring

These documents may be freely mirrored according to the terms of the license (see below). It should be safe to spider the index page, and just tell the spider not to change directories.

In order to figure out if you need to re-mirror, there is a script to help you out, with human readable and machine readable forms. If you have any questions, do get in touch.

Guides Index

Written By: Nick Burch    Last modified: Monday, 15-Jan-2007 16:00:35 GMT
These pages are from http://www.gagravarr.org/writing/openssl-certs/
This work is licensed under a Creative Commons License.