Leopard Server – Certificate Assistant
  • #372765
    MacEdge
    Participant

    Hi

    I am trying to use Certificate Assistant on Leopard server to create my own CA for signing certificates for use with the service, mail, iCal, iChat and VPN. So far I have been unable to find any good information/tutorials on the steps I need to take to achieve this.

    The closest I have come to finding any information on achieving my goal is here on afp548.com (https://www.afp548.com/article.php?story=20050813004038282). Unfortunately this is aimed at Tiger server, and Certificate Assistant in Leopard has changed, so I am not 100% sure that following this guide and trying to match it to what I am seeing in Certificate Assistant on Leopard is correct. The article also falls short on providing any information for configuring what is needed on the client machines.

    Can anyone offer some assistance in providing me with the steps I need to take to get things up and running on Leopard Server, particularly in securing Leopard VPN using certificates for L2TP authentication rather than using a shared secret?

    Appreciate any help.

    Steve.

    #372784
    MacRaider
    Participant

    Hi

    I too am interested in achieving the same thing and would be keen to learn if you get a resolution to this. I have been trawling the net and searching Apple discussions to no avail so far and the posts I have read, like you have found, all seem to relate to 10.4 server.

    Macraider

    #372790
    khiltd
    Participant

    Certificate Assistant is incredibly buggy, and even when you do everything right it will frequently fail to generate anything useful and leave a bunch of hung orphan processes laying around you either have to find and clean up or restart the entire machine before it will let you try again. It’s much easier to simply use openssl directly:

    [code]openssl genrsa -des3 -out ca.key 2048

    openssl req -new -x509 -days 365 -key ca.key -out ca.crt[/code]
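Added example, not part of the original post: the two commands above wrapped in a script that also uses the resulting CA to sign a certificate for one service and then checks the result. The file names, subject names, the host name vpn.example.com and the passphrase are assumptions; the CA key is encrypted with `-aes256` and a passphrase read from an environment variable, in place of the interactive `-des3` prompt, so the script runs unattended.

```shell
#!/bin/sh
# Added example: create a private CA, sign one service certificate, verify it.
# Assumptions (not from the thread): file names, subject names, the host
# name vpn.example.com, and the constructed passphrase below.
CA_PASS="${CA_PASS:-constructed-passphrase}"; export CA_PASS

make_ca() {      # $1 = working directory
    openssl genrsa -aes256 -passout env:CA_PASS -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key "$1/ca.key" -passin env:CA_PASS \
        -subj "/CN=Example Private CA" -out "$1/ca.crt"
}

issue_cert() {   # $1 = working directory, $2 = host name of the service
    # The service key is left unencrypted so a daemon can load it unattended;
    # the umask keeps the key file readable by its owner only.
    ( umask 077; openssl genrsa -out "$1/$2.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" &&
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/$2.ext" &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -passin env:CA_PASS -CAcreateserial -days 365 -sha256 \
        -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

verify_cert() {  # succeeds only if $2's certificate chains to the CA in $1
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

cert_matches_key() {  # succeeds only if certificate and key share a public key
    a=$(openssl x509 -in "$1/$2.crt" -noout -pubkey | openssl sha256)
    b=$(openssl rsa -in "$1/$2.key" -pubout 2>/dev/null | openssl sha256)
    [ "$a" = "$b" ]
}

# Demo run in a scratch directory.
d=$(mktemp -d) && make_ca "$d" && issue_cert "$d" vpn.example.com &&
    verify_cert "$d" vpn.example.com && echo "chain OK: $d/vpn.example.com.crt"
```

Clients only trust certificates issued this way once `ca.crt` (never `ca.key`) has been installed as a trusted root on them.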

    #372791
    MacEdge
    Participant

    [QUOTE]Quote by: khiltd

    Certificate Assistant is incredibly buggy, and even when you do everything right it will frequently fail to generate anything useful and leave a bunch of hung orphan processes laying around you either have to find and clean up or restart the entire machine before it will let you try again. It’s much easier to simply use openssl directly:

    [code]openssl genrsa -des3 -out ca.key 2048

    openssl req -new -x509 -days 365 -key ca.key -out ca.crt[/code][/QUOTE]

    Thank you for your reply.

    Do you have or know of any step by step instructions on using openssl to accomplish what I need? As I posted above “Particularly in securing Leopard VPN using certificates for L2TP authentication rather than using a shared secret?”
