On Sun, May 16, 2004 at 03:17:14PM +0800, samwun wrote: : Can anyone tell me how to distribute X509 certificates to clients safely? : I thought of ordinary email (without pgp), but that is in plaint text : mode, and can be downloaded by someone else. : PGP mail is complicated.
Specifically, what are you trying to do? Are you a CA, issuing certs to clients who have sent you requests? If that's the case, you can use any method -- e-mail, website, whatever. A "certificate" is just a request that's been signed by someone (in theory, a verifiable CA, but that's optional). The cert is *meant* to be public, and in most cases will be exchanged (at the code level) to anyone who asks, as part of initializing an encrypted conversation. The key (generated as part of the cert request), on the other hand, should not be transmitted in the clear. -but if you're acting as a CA, the client never sends that to you anyway. If I've misunderstood your question, please explain/elaborate. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
