Setting up a certificate authorityAugust 30, 2005Having had yet another run in with Apache SSL (mod_ssl) and being very disapointed with the service of Thawte, I decided to have a go at setting up a certificate authority. Setting up a CA doesn't really serve any purpose because no one is going to bother to install my cacert into their browser but here isn't always a purpose to everything that a geek does. Besides a friend of mine, a cryptograpy specialist had thrown me challenge to set one up (this is a separate development). As usual being Fedora user I was at a disadvantage. The openssl installation on the system by Red Face does not include the CA.pl (or CA.sh) script. And it does not include the sign.sh script. Not having these scripts means you need to do a hell of a lot of typing. Fortunately, I could dig up a copy of sign.sh with a little googling and decided to make do with out CA.pl Even without CA.pl creating a root certicate is straight forward and howto do so is well documented in the apache SSL guide. So I should be signing off now but as often happens what works on the local server does not work on the production server. When ever the https url is accessed all you see is that famous message: The connection to www.raditha.com terminated unexpectedly. Some data may have been transferred.
I have seen this happen with google adwords as well, So I am in good company. A google search reveals that gazillion others have run into the same issue. A gazillion pundits pundits have answered without really knowing what they are talking about. So this is going to be put in the back burner till tommorow. 
|
|
