Craig White wrote:
My goal was to be my own CA - generate per user certificates and have revocation rights. I haven't had many issues with creating certs for various applications such as ldap/apache etc. I was looking for some granular control for individual users.
I do this manually using OpenSSL commands directly; it's really not that difficult. The biggest issue is ensuring that all your SSL/TLS-enabled services are aware of your CRL (revocation list). As best I can tell, Cyrus IMAP does not currently support a CRL, so you wouldn't be able to stop users from accessing your IMAP/POP servers using a cert you supplied.
This sounds interesting and potentially useful. Patches are always welcome. ;)
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
