Menu
▾
▴
Re: [webmin-l] SSLopen - CA functions
|
From: Robert M. <rg...@ht...> - 2006-03-07 18:24:13
|
At 11:04 AM 3/7/2006, Craig White wrote: >On Tue, 2006-03-07 at 10:29 -0700, Robert Moskowitz wrote: > > Is there any plugin module to perform SSLopen and CA functions. > > > > Minimally I would like to replace > > > > openssl req -newkey rsa:512 -x509 -nodes -out cert.pem - keyout key.pem > > > > with a nice panel that allowed me to create a cert with content I > > want in the directory of my choosing. > > > > The more OIDs supported the better. At least those required for > > standard servers/apps. > > > > PolicyConstraints and the like would be a nice touch! > > > > You already have the webmin/edit_ssl.cgi in Webmin Configuration. It > > does not seem like it would be much to add a minimal cert creation module. > > > > For fuller CA functions would openCA.org provide modules? > > > > What would be really 'neat' would be able to start my own 'CA'. To > > create my own, self-signed root cert and use it to create certs for > > all of my webmin systems and general SSL certs. I would then use > > whatever tool to migrate them to the proper system. Then I would > > only need to install my root in my trusted root list and I am done. > > > > Also would be nice for SSH as well. >---- >there is a program called tinyCA which might prove useful to you Robert, >but I thought that I would chime in to say that a Certificate Server >function within Webmin would be way cool...managing a public html >directory with CRL's and managing CSR's I saw TinyCA, but where I found it (SOurceFroge?), it had not been touched since '04, so I shied away from it. With you referencing it (you have been a great help to me, Craig), I did another search and see it is still active (http://tinyca.sm-zone.net/). So I will look into it, but to use it I will have to start up X. Well I guess I just have to choose a server to run it on... >I don't know the licensing issues with openssl and assume that there are >some because Debian doesn't feel comfortable with them and cannot fathom >how openssl licensing might tie into webmin. Huh? Gee they are using Apache which uses OpenSSL? And how is the webmin/edit_ssl.cgi working? Is this a case of RFC 1925 rule 6? (Ross Callon is an old IETF friend of mine (both members of the IOOF in good standings)). |
