ssl-cert2 ========= ssl-cert2 is a central configuration system for handling multiple services requiring SSL certificates. When a service is installed then it registers with the system, and is given a certificate. The system has several modes of operation. * Completely disabled. The system does nothing more that inform the administrator when a package is installed that requires a certificate. * Sitewide certificates. The system uses one certificate for all services. This certificate can either by provided bythe system admin, or generated by the system. * Per-Service certificates. The system gives each service it's own certificate. Again, either generated by the system, or supplied by the admin. * A mix of the previous 2. Sitewide for some services, individual for other certificates. N.B. The last two configurations are not implemented yet. If you are a package maintainer, and would like to use the system, which will both remove the burden of managing certificates from you, and allow you to support decisions of the admins without difficulty then see README.Maintainers, make-ssl-cert2(8), and dh_sslcert2(1), and ssl-cert2(7). If you are a sysadmin then see README.Admins, manage-ssl-cert2(8), and ssl-cert2(7). This will hopefully explain how to configure the system to your liking. Installation ============ The system requires a POSIX shell, and the OpenSSL binary. It has been tested with OpenSSL 0.9.8, but should work with any version. Download the sources from http://jameswestby.net/ssl-cert2/, untar them and enter the directory. Then run make then make install as root. Helping out =========== The system is at a very early stage of development. I would appreciate any feedback and bug-reports, and any patches to correct them. The latest development branch is available in a bzr branch below the above URL. -- Written by James Westby and licensed under a BSD license. See /usr/share/doc/ssl-cert2/copyright