Hello Ferianto! The certificate you get after running gen_rootsa.sh is a self-signed certificate (=cacert.pem). The file cakey.pem is the private key of your own CA that will be used to signed the certificate(=user-cert.pem) generated by the script gen_usercert.sh.
You can use the certificate generated by the script gen_usercert.sh on both side (client-server). The file user-calist.pem is a list of CA. It will be use by your phone to identified the CA that have signed the certificate sent by the server.
You can have more informations on this site http://www.maemo.org/platform/docs/tutorials/certman.html
Regards
Greg
Ferianto siregar wrote:
Dear all,
Thank you very much for your time to read this message. Thank you All, I have qustion about certificate that we build in openser in order the openser support TLS. They are CA root certificate and client/server certificate. Here is my question:
- What is certificate file that we have got after running
./gen_rootca.sh belogs to? I mean, what is cacert.pem, 01.pem, cakey.pem belongs to? Is it belongs to server? and for what does it use? 2. What is certificate file that we have got after runnign ./gen_usercert.sh belongs to? I mean, what is user-cert.pem,user-privkey.pem, user-calist.pem belongs to? Is it belongs to server or client? and what does it use?
I do hope anybody can help me and give me an answer. Please.. Thank you.
Regards,
Ferianto
Get your own web address for just $1.99/1st yr <%20http://us.rd.yahoo.com/evt=43290/*http://smallbusiness.yahoo.com/domains%3E. We'll help. Yahoo! Small Business http://us.rd.yahoo.com/evt=41244/*http://smallbusiness.yahoo.com/.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users