# cd /usr/local/ssl/certs # ln -s QuickCA.pem `../bin/ssleay x509 -noout -hash < QuickCA.pem`.0Now whenever your SSLrshd receives a certificate that was issued by the QuickCA it will be able to verify it. Verifying the certificate is only the first step though. Before SSLrshd will grant access to a certificate holder, there must be an entry in the ssl.users file.
For example, to grant access as sjg or simon to the certificat in sjg.pem one could:
# echo sjg,simon:`/usr/local/ssl/bin/ssleay x509 -noout -subject < sjg.pem` >> /etc/ssl.usersAnother way is to look at the errors in /var/log/messages (or where ever syslog puts daemon.notice messages on your system).
For those that simply want to get up and running (or testing) quickly, Quick.com.au provide QuickCA a low assurance certificate facility. It is low assurance because we allow enrolment via a https form and we do not perform 100 point checks, though we only sign requests from our consulting clients. The fees charged are very modest.
We will sign a few certificate requests using a testCA cert (zero assurance) for free so that it is easy to get a working environment setup. While this is a zero assurance facility, bogus looking requests are ignored.
You can obtain our QuickCA cert and current CRL here and the CRL is updated as needed.
$ mv $SSL_CERT $SSL_CERT.old $ sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' < $SSL_CERT.old > $SSL_CERT $ ssleay rsa -idea < $SSL_CERT.old >> $SSL_CERT read RSA private key Enter PEM pass phrase: writing RSA private key Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: $You must enter the old password to unlock the private key, then enter the new password twice to ensure they match. You can also use -des or -des3 rather than -idea if desired.