gabriel rosenkoetter on Mon, 27 Jan 2003 12:32:04 -0500



Re: [PLUG] SSL Cert question


On Mon, Jan 27, 2003 at 12:12:38PM -0500, Jason Wertz wrote:
> My question is, how do you get a certificate for a machine that doesn't
> have a web server on it?

I use openssl(1).

http://www.pseudonym.org/ssl/ssl_cook.html may help with the
details.

> I've only ever generated a CSR using web server
> based tools and in this instance I want a cert for a non-web serving
> machine...actually a desktop client.

You want to generate a key and, with it, a certificate signing
request. Send the CSR to a Certificate Authority, and you'll get a
signed certificate back. Store that in a file, and point cURL at it.

> The government specifically stated
> a Verisign Class 1 digital certificate (which I'm assuming is a server
> cert and not a web browser client cert). 

Don't recall the details of the differences between Verisign
classes, but Verisign isn't the only people who'll sell you one. (I
don't *think* the government is saying, "You must buy from Verisign,"
there, I think they're saying, "You must use a certificate
authority that adheres to the standards initially implemented by
Verisign," but you should check to make sure.)

> Oh yeah...I typed this message in a text editor at < 80 columns and
> pasted it into GroupWise. I hope that works, our email admin won't make
> the formatting change for 1 user. His response...nobody uses a text
> based email client :-)

It worked, and he's wrong. I do the same thing with Outlook (which I
run through a Citrix client on my NetBSD workstation) at work.

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpV7YHCltkWa.pgp
Description: PGP signature
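
The key-and-CSR procedure described in the reply above, as an added example that is not part of the original message. The host name, organization and file names are constructed placeholders; the commented cURL line assumes the CA has returned the signed certificate as client.crt.

```shell
#!/bin/sh
# Added example: key + CSR for a machine with no web server, using only openssl(1).
# client.example.org, "Example Org" and the file names are constructed placeholders.

# make_client_csr DIR CN -> writes DIR/client.key and DIR/client.csr
make_client_csr() (
    dir=$1; cn=$2
    umask 077                       # key file readable by its owner only
    mkdir -p "$dir" || exit 1
    # 1. Private key. It stays on this machine and is never sent to the CA.
    openssl genrsa -out "$dir/client.key" 2048 2>/dev/null || exit 1
    # 2. CSR built from that key. This is the only file the CA receives.
    openssl req -new -key "$dir/client.key" -out "$dir/client.csr" \
        -subj "/C=US/O=Example Org/CN=$cn" || exit 1
    # 3. Check the CSR's self-signature before submitting it.
    openssl req -in "$dir/client.csr" -noout -verify >/dev/null 2>&1
)

# csr_subject CSR -> prints the subject the CA will be asked to certify
csr_subject() { openssl req -in "$1" -noout -subject; }

# cert_matches_key CERT KEY -> succeeds only if the certificate the CA sent
# back carries the public key belonging to the local private key.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Typical use once the CA has returned client.crt (URL is a placeholder):
#   make_client_csr ./certs client.example.org
#   csr_subject ./certs/client.csr
#   cert_matches_key ./certs/client.crt ./certs/client.key &&
#       curl --cert ./certs/client.crt --key ./certs/client.key https://server.example.org/
```

Running cert_matches_key before pointing cURL at the files catches the common mistake of pairing a returned certificate with a key regenerated after the CSR was sent.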