As I understand it, the client signs data sent from the server in order to authenticate itself. Therefore yes it does need its private key.
On Tue, 18 Jan 2005 11:17:01 +0000, Shaun Lipscombe <[EMAIL PROTECTED]> wrote: > > If the client sends the server its certificate (public key) and the > server validates the signature against the list of CA's to see if the > client is authenticated/valid then my question is... if the client is > not going to use the private key for signing does it even NEED the > primary key AT ALL? Can it be deleted? > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]