The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Previous Message  |  Next Message 
 Some more links (Was: article was good)
Author: cam 
Date:   13-09-02 17:08

Andrew,

this isn't pedantry - making the mistake of exporting your server's private key invalidates the entire process. Would you say it was pedantic for banks to advise people not to write their PIN number on their bank cards in dayglo ink? Practical, yes, pedantic, no.

Otherwise, yes, a good article. For reference, here are the MIME type lines needed for apache's conf file to allow you to place server certs, crls and client certs - encrypted, of course - onto your site.

AddType application/x-x509-ca-cert crt
AddType application/x-pkcs7-crl crl
AddType application/x-x509-user-cert p12

For an admittedly technical lowdown on the various PKCS formats, see:

http://www.rsasecurity.com/rsalabs/pkcs/index.html

Also good intro stuff on certificates, see the stunnel site:

http://www.stunnel.org/faq/certs.html#ToC1

 Reply To This Message  |  Forum List  |  Flat View   Newer Topic  |  Older Topic 

 Topics Author  Date
 DO NOT!! use PKCS#12   new
Kaur 04-04-02 13:13 
 Re: DO NOT!! use PKCS#12   new
Dan Langille 04-04-02 18:20 
 Re: DO NOT!! use PKCS#12   new
Erik 05-04-02 19:26 
 Re: DO NOT!! use PKCS#12   new
Dan Langille 06-04-02 03:16 
 article was good   new
Andrew 26-06-02 04:19 
 Some more links (Was: article was good)   new
cam 13-09-02 17:08 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org