Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 625 #651
26 Security in the Network
Figure 26.1: YaST CA module – Basic Data for a Root CA
(roughly ten years). This long period makes sense because the replacement
of a deleted CA involves an enormous administrative effort. Clicking
‘Extended’ opens a dialog for setting different attributes from the X.509
extensions (Figure 26.4 on page 629). These values have reasonable default
settings and should only be changed if you are really sure of what you are
doing.

In the third and last step, YaST displays the current settings for
confirmation. If you click ‘Create’, the root CA is created and then appears
in the overview.
Note
In general, it is best not to allow user certificates to be issued by
the root CA. It is better to create at least one sub-CA and issue the
user certificates from there. This has the advantage that the root
CA can be kept isolated and secure, for example, on an isolated
computer on secure premises. This makes it very difficult to
attack the root CA.
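The hierarchy recommended in the Note, built with the openssl command-line tool rather than YaST. This is an added example, not part of the SUSE manual; the subject names, file names, key size and the sub-CA and user lifetimes are assumptions.

```shell
#!/bin/sh
# Added example (not from the manual): root CA -> sub-CA -> user certificate.
# Names, key size and all lifetimes except the root's ~10 years are assumptions.
build_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    cat > ca.cnf <<'EOF' || exit 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[root_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[sub_ext]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[user_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
    # Root CA: self-signed, roughly ten years. -nodes keeps the demo
    # non-interactive; a real root key is encrypted and kept offline.
    openssl req -x509 -config ca.cnf -extensions root_ext -newkey rsa:2048 \
        -nodes -keyout root.key -out root.crt -days 3650 -subj "/CN=Example Root CA" &&
    # Sub-CA: signed by the root; pathlen:0 forbids further CAs below it.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout sub.key -out sub.csr -subj "/CN=Example Sub CA" &&
    openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -out sub.crt -days 1825 -extfile ca.cnf -extensions sub_ext &&
    # User certificate: signed by the sub-CA; the root key is not touched.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout user.key -out user.csr -subj "/CN=Example User" &&
    openssl x509 -req -in user.csr -CA sub.crt -CAkey sub.key -CAcreateserial \
        -out user.crt -days 365 -extfile ca.cnf -extensions user_ext
)

# Succeeds when the user certificate chains to the root through the sub-CA.
chain_ok() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/sub.crt" "$1/user.crt" >/dev/null 2>&1
}

# Succeeds only if the root signed the user certificate directly.
leaf_issued_by_root() { openssl verify -CAfile "$1/root.crt" "$1/user.crt" >/dev/null 2>&1; }

demo=$(mktemp -d) && build_pki "$demo" && chain_ok "$demo" \
    && ! leaf_issued_by_root "$demo" && echo "user certificate verifies via the sub-CA only"
```

After the sub-CA certificate is issued, `root.key` is no longer needed for day-to-day issuance, which is what allows the root CA to be kept on an isolated machine.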
625 SUSE LINUX Enterprise Server