Am 20.12.2014 um 14:41 schrieb Hans Witvliet:
On Fri, 2014-12-19 at 00:58 +0100, Benjamin wrote:
Am 18.12.2014 um 19:31 schrieb Anton Aylward:
On 12/18/2014 12:50 PM, Benjamin wrote:
I also tried the cert which is produced by:
CA.pl -newca
and this cert works with nginx! I trust you are aware that there are different types of certificates?
Once upon a time some were marketed as 'web certificates' specifically for web sites/server ... And others for email and others ...
Now it seems that they have more to do with scope and validity.
Individual ... Site ... Domain ... Multiple domains
and how 'verified' it is.
What scope & validation do you expect a self-signed cert to have?
I hope I got your question right ;) I just want to use the certificate for "private" use, which means, that it is just a small owncloud, which I want to use to sync my calendars and contacts and smaller files with my android phone and my laptops. Unfortunately Android requires x.509v3 extension for certificates where the CA-Flag is true. Anyway I must confess, that I don´t really know much about certificates and security, but it still seems quite obscure to me what a Ca-Authority is and how it is connected to the certificate my webserver is using and why android demands this extension… Hi Benjamin,
You have to do it in multriple steps: 1) create a selfsigned CA-certificate 2) create a client (or server) certificate signing request 3) sign the CSR from step-2, with the CA from step-1
hw
Hmm that would mean as far as i understand it, that i make CA with (Step1) ../CA.pl -newca and then (Step2) ../CA.pl -req and step3: sign this request with the cakey.pem by: CA.pl -sign
...if i got you right, then this is already what i did, but then the self-signed cert. is CA=false which is the whole problem with the android device, which doesn´t accept such certs...
Would it be problematic to use the cacert.pem which is produced by ../CA.pl -newca? Because this one works on my android device. But I am not sure if this is also secure, if the whole thing has something to do with security. You see i want to be sure, that my small webserver is "sufficient" secure so that no bad guys can use it with their criminal intent ;)
Best, Benjamin. Hi People! I just found out, that opensuse has a very nice gui to manage ca-certificates: yast2-ca-management … I run through all the steps and created a rootca and a server certificate with CA=TRUE (which you can easily set up in the gui ;) ). Now I want to export this server certifcate to integrate it into my webserver, but somehow it is not
Am 21.12.2014 um 23:26 schrieb Benjamin: possible to export the certificates…the "Export" Button is greyed out and i don´t no why this is the case … Any suggestions? Thanks Benjamin. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org