Marc, On Fri, Mar 03, 2006 at 09:13:13PM +0100, Marc Haber wrote: > /etc/pyca obviously has some files which seem to be Debianisms. The > only configuration file mentioned in the upstream docs is > openssl.conf, while /etc/pyca also having a bunch of "cacert_*.cnf" > files. The information contained there seems like a duplication of > what is already in openssl.cnf. > > The only mention of these files is in README.Debian, saying "you'll > have to edit these files".
These are just extra openssl.cnf's for different CA's. They are documented in /usr/share/doc/openssl/doc/openssl.txt.gz in the openssl package. A note of advice: Editing these files are not trivial. There is a coined phrase "All you never wanted to know about X.509 but was forced to find out.". You want to read documentation on PKI, X.509 and OpenSSL. You might find "X.509 style guide" interesting (search for this on google). If what you are looking for is a quick CA-solution you might want to take a look at the tinyca - which is also a Debian package :) Kind regards, Lars Bahner PS. pyca is not maintained upstream, and is a bit outdated. -- http://lars.bahner.com; Voice: +47 92884492; Postal: N-3870 Fyresdal pub 1024D/54ECB8AF 2004-01-13 Lars Bahner <[EMAIL PROTECTED]> Key fingerprint = 0765 31CE 6223 B28C 1A64 4F7A 9972 7C14 54EC B8AF sub 2048g/39A653E4 2004-01-13 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
