SSL Certificates HOWTO

Franck Martin

Revision History
Revision v0.52002-10-20Revised by: FM
Adding IPsec information from Nate Carlson, natecars@natecarlson.com / Adding IMAPS and POPS information from Bill Shirley, webnut@telocity.com / Adding WinCrypt information from Colin McKinnon, colin@wew.co.uk
Revision v0.42002-06-22Revised by: FM
Various corrections - adding ASCII Art
Revision v0.32002-05-09Revised by: FM
Adding x509v3 extension information - Correcting spelling
Revision v0.22001-12-06Revised by: FM
Adding openssl.cnf file / Adding CRL info from Averroes, a.averroes@libertysurf.fr / Correcting spelling
Revision v0.12001-11-18Revised by: FM
Creation of the HOWTO

A first hand approach on how to manage a certificate authority (CA), and issue or sign certificates to be used for secure web, secure e-mail, or signing code and other usages.


Table of Contents
1. Generalities
1.1. Introduction
1.2. What is SSL and what are Certificates?
1.3. What about S/Mime or other protocols?
2. Certificate Management
2.1. Installation
2.2. Create a Root Certification Authority Certificate.
2.3. Create a non root Certification Authority Certificate.
2.4. Install the CA root certificate as a Trusted Root Certificate
2.5. Certificate management
3. Using Certificates in Applications
3.1. Securing Internet Protocols.
3.2. Securing E-mails.
3.3. Securing Files
3.4. Securing Code
3.5. IPSec
4. Global PKI
4.1. Current PKIs
4.2. The need for a Global PKI