DESCRIPTIONThe scripts in ths suite are basically wrappers around openssl(1). Additionally the scripts integrates the generic CA-functionality with the mail-system and apache for handling certificate requests; with LDAP for handling distributing certificates and revocation lists; and cron for maintenance tasks.
- Write CA certificates and CRLs to a LDIF file. This is intended for initially setting up the CA entries not for daily CRL update. The entries are of objectclass certificationAuthority and contain the attributes cACertificate;binary, authorityRevocationList;binary and certificateRevocationList;binary. This might require extending schemas on LDAPv2 servers. Have a look at your LDAP servers configuration documentation.
- Send all certs and CRLs to a LDAP repository.
- Copy all CA certificates defined in an OpenSSL configuration to a bundled PEM file or a directory with hash-named symbolic links. This is quite handy in conjunction with ApacheSSL or Apache with mod_ssl for copying the files for SSLCACertificateFile or SSLCACertificatePath.
- This simple script prints all CA certs on stdout. It is intended to generate authentic printouts (on paper!) of the CA certs fingerprints and is typically run on the private CA system. Choose the option --html to generate nicer formatted HTML-output instead of the default textual output in ISO-8859-1.
COPYRIGHTCopyright © 2001 - 2003 Michael Ströder <[email protected]>
This software including all modules is Open Source and given away under: GPL (GNU GENERAL PUBLIC LICENSE) Version 2.
The author refuses to give any warranty of any kind.