[Users] TLS certificate :Please help..

[Gregoire]

Hello Ferianto!
The certificate you get after running gen_rootsa.sh is a self-signed
certificate (=cacert.pem).
The file cakey.pem is the private key of your own CA that will be used
to signed the certificate(=user-cert.pem) generated by the script
gen_usercert.sh.

You can use the certificate generated by the script gen_usercert.sh on
both side (client-server).
The file user-calist.pem is a list of CA. It will be use by your phone
to identified the CA that have signed the certificate sent by the server.

You can have more informations on this site
http://www.maemo.org/platform/docs/tutorials/certman.html

Regards

Greg

Ferianto siregar wrote:

> Dear all,
>  
> Thank you very much for your time to read this message. Thank you
> All, I have qustion about certificate that we build in openser in
> order the openser support TLS. They are CA root certificate and
> client/server certificate.
> Here is my question:
> 1. What is certificate file that we have got after running
> ./gen_rootca.sh belogs to?
>    I mean, what is cacert.pem, 01.pem, cakey.pem belongs to? Is it
> belongs to server? and for what does it use?
> 2. What is certificate file that we have got after runnign
> ./gen_usercert.sh belongs to?
>    I mean, what is user-cert.pem,user-privkey.pem, user-calist.pem
> belongs to? Is it belongs to server or client? and what does it use?
>  
> I do hope anybody can help me and give me an answer. Please..
> Thank you.
>  
> Regards,
>  
>  
> Ferianto
>
> Get your own web address for just $1.99/1st yr
> <%20http://us.rd.yahoo.com/evt=43290/*http://smallbusiness.yahoo.com/domains>.
> We'll help. Yahoo! Small Business
> <http://us.rd.yahoo.com/evt=41244/*http://smallbusiness.yahoo.com/>.
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Users mailing list
>Users at openser.org
>http://openser.org/cgi-bin/mailman/listinfo/users
>  
>