[14931] in cryptography@c2.net mail archive
Re: PKI root signing ceremony, etc.
daemon@ATHENA.MIT.EDU (Dave Howe)
Sun Dec 14 10:32:20 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Dave Howe" <DaveHowe@gmx.co.uk>
To: "Email List: Cryptography" <cryptography@metzdowd.com>
Date: Sun, 14 Dec 2003 15:03:39 -0000
Rich Salz wrote:
> Some folks here might be interested in
> http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html
> which walks through a secure, auditable root keygen and signing
> ceremony. The context is using OpenSSL to build a PKI so that we can
> write an XKMS server, building up to secure Web Services messages
> using XML DSIG and Encryption.
>
> But hey, ya gotta start somewhere.
Looks good. A group I am involved with followed though similar steps a few
years ago - using openssl and batch files.
These days there is a very nice oss/free gui tool which makes the whole
process a whole lot easier - check out:
http://sourceforge.net/projects/xca
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
