Self CA Setup

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Self CA Setup

webscool
Hello,

I am using the Win32OpenSSL-v0.9.7f.exe download running on Win Me.

I am writing a web-based accounting system for a client who is a chartered
accountant. He has been using my system for many years in-house. But city
traffic being more of a problem he wants his staff to be able to work from
home so I am writing a webbased interface. Because the data is the financial
data of his clients, it needs to be secured. What I am looking at is a
system that is used by a few trusted staff, but over the internet. I
envisaged that I could create my own certificate authority certificate and
append it to my servers cacert file along with all the others, then create
private key and certificate based on the cacert and put that in the
webserver. I have been able to make a self-cert work but it does bring up an
untrusted message on first use and I am not sure it is really secure in the
internet at large. I have created a certificate authority certificate - a
x509 cert but it is only the encrypted section and not the full verbose form
that cacerts have in the servers cacert file.

When I try:
>exec C:/OpenSSL/bin/openssl.exe x509 -in cacert.pem -text
Error opening Certificate cacert.pem
4294003705:error:02001002:system library:fopen:No such file or
directory:.\crypto\bio\bss_file.c:278:fopen('cacert.pem','rb')
4294003705:error:20074002:BIO routines:FILE_CTRL:system
lib:.\crypto\bio\bss_file.c:280:
unable to load certificate

I dont have a crypto directory or a bss_file.c anywhere. Am I missing
something from the distribution ?

I want to know how to create a full cacert to put in the server cacert file.

I am also wondering if the approach outlined above is adequate.

Perhaps a private reply is appropriate.

Thank you in advance,

Paul Nash
webscool.org
[hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]