Menu
▾
▴
Re: [webmin-l] SSLopen - CA functions
|
From: Craig W. <cra...@az...> - 2006-03-09 22:23:30
|
On Thu, 2006-03-09 at 14:30 -0700, Robert Moskowitz wrote: > At 01:31 AM 3/8/2006, Jamie Cameron wrote: > >On Wed, 2006-03-08 at 01:29, Robert Moskowitz wrote: > > > Is there any plugin module to perform SSLopen and CA functions. > > > > > > Minimally I would like to replace > > > > > > openssl req -newkey rsa:512 -x509 -nodes -out cert.pem - keyout key.pem > > > > > > with a nice panel that allowed me to create a cert with content I > > > want in the directory of my choosing. > > > > > > The more OIDs supported the better. At least those required for > > > standard servers/apps. > > > > > > PolicyConstraints and the like would be a nice touch! > > > > > > You already have the webmin/edit_ssl.cgi in Webmin Configuration. It > > > does not seem like it would be much to add a minimal cert creation module. > > > > > > For fuller CA functions would openCA.org provide modules? > > > > > > What would be really 'neat' would be able to start my own 'CA'. To > > > create my own, self-signed root cert and use it to create certs for > > > all of my webmin systems and general SSL certs. I would then use > > > whatever tool to migrate them to the proper system. Then I would > > > only need to install my root in my trusted root list and I am done. > > > > > > Also would be nice for SSH as well. > > > > > > >Have you had a look at the Certificate Manager module, available from > >http://www.webmin.com/download/modules/certmgr.wbm.gz ? It can create a > >CA and sign certificates, unlike the built-in Webmin 'SSL Encryption' > >page which just generates a self-signed cert. > > I have installed the module and it is not able to 'create a CA'. > > "This module allows you to manage SSL certificates installed on the > system. With this module, self-signed certificates and certificate > signing requests (CSR) can be generated. Certificates can be > imported, exported, deleted and viewed. " > > There is the ablility to specify a CA cert, but it only seems to be > able to create self-signed certs. > > So when I get home tomorrow, I am going to startup TinyCA2. ---- I have had so many other things on my plate that I haven't been able to take a look at this or even to say, Jamie - that Certificate Manager modules sounds completely awesome but to you Robert... it's easy enough to create your own CA Certificate. The problem lies not with creating the CA Certificate but in managing the activities...CRL's, CSR's etc., serializing certificates, etc. and I will get you instructions on creating your own CA Certificate if you want to experiment more. Of course, you should also check out tinyCA too... It's probably pretty similar (and has the ability to generate the CA Certificate itself). As far as I could tell, tinyCA was a series of perl scripts, probably not much different than you are likely to get from the Certificate Manager modules except one is webmin and the other requires a wx/GTK+ or wx/GTK2 graphic interface. Craig |
