Re: Setting up a CA and signing certificates with it

Following this thread: 1. I setup an account in cacert.org for having certificates emitted with them. Then I generated a couple of certificates, one for the EPP Apache module and one for the client (which means that both certificates are different, not the same situation described in the README file in /usr/share/fred-mod-eppd/ssl/README. Now, I notice both certificates are emitted by the very same CA, cacert.org in this case. They work perfectly. So I have some questions: a) What happens if nic.cr has its own certificates with, say, cacert.org and the clients using fred-client generate certificates using the same CA, but with their own usernames?. My guess is that it shouldn't be a problem, because the CA cert associated in the eppd module configuration is the same. That is, for the EPP module certificate nic.cr use a cacert.org user like, say, "nicrcr" and the client connecting with nic.cr use their own user, say, "client1". b) What if nic.cr uses, say, cacert.org for the EPPD Apache module, but a client uses, Certplus, Thawte or Verising for signing their fred-client certificates?. c) I have tried to use our own (test) CA following the procedure in http://www.tc.umn.edu/~brams006/selfsign.html, part 1B, but it does not work. I guess I have to include something and I'm not aware of it. Thanks in advance. -- Mario Guerra <mguerra(a)nic.cr>