
READIN

Jeremy's journal

The very idea of the (definitive) translation is misguided, Borges tells us; there are only drafts, approximations.

Andrew Hurley



🦋 OpenSSL Certificate Authority

I've been working on learning OpenSSL, and pursuant to that I needed to figure out how to implement a Certificate Authority. I messed around some with CA.pl, which is included in the OpenSSL distribution; but there is some kind of compatibility issue with OpenSSL on my school machines. So here is my solution complete with hacks:

  • openssl genrsa -out cakey.pem 2048
    openssl req -new -x509 -key cakey.pem -out cacert.pem -days 1095


    This creates a private key and certificate for the Certificate Authority
  • perl CA.pl -newca


    I'm just using the functionality in CA.pl for creating a demoCA directory tree. When prompted, specify that you want to use the cacert.pem you created in the previous step.
  • cp cakey.pem demoCA/private/cakey.pem
    echo 1000 > demoCA/serial


    These are two hacks -- CA.pl did not copy my cakey.pem into its proper location, and did not create a serial number file in demoCA. The "1000" could be any number.
  • openssl genrsa -out cli.pem 2048
    openssl req -new -key cli.pem -out cli.csr
    openssl ca -in cli.csr -out clicert.pem


    To create a new signed certificate, follow these three steps: first create a private key, then create a certificate request, then sign the certificate request.

posted evening of Tuesday, July 18th, 2006
