[CentOS] Certificates Revocation Lists and Apache...
Paul Heinlein
heinlein at madboa.com
Thu Nov 5 17:39:08 UTC 2009
On Thu, 5 Nov 2009, John Doe wrote:
>> Also, there's an Apache bug that fouls things up if the "CA" and
>> "CA SSL" root certificates both have the same CN:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=45708
>
> Hum.. that might be the case...
> They must all use 'myhost.mydomain' as CN...
> Do you know how to specify different CNs in a common openssl.conf file?
I use a Makefile wrapper around the openssl calls. Here's a condensed
version:
----- %< -----
#
# usage:
#
# make my.hostname.com.csr -- generate a CSR for host
# make my.hostname.com.crt -- build a CA-signed certificate
#
CONF = openssl.cnf
OPENSSL = openssl
SUBJECT = /C=US/ST=OR/L=Portland/O=Our Organization
CSRARGS = req -new -config $(CONF)
CRTARGS = ca -config $(CONF)
.PRECIOUS: %.key
%.key:
$(OPENSSL) genrsa -out $@ 2048
%.csr: %.key
$(OPENSSL) $(CSRARGS) -key $^ -out $@ -subj "$(SUBJECT)/CN=$*"
%.crt: %.csr
$(ENV) CN=$* $(OPENSSL) $(CRTARGS) -in $^ -out $@
----- %< -----
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the CentOS
mailing list