On May 19, 2005, at 4:03 PM, Miles Bradford wrote:
So when you send the CSR including the Public Key - you would send them the
(your) Private Key, also? Then they sign it with a Private Key they've
created? and send it back?
You don't give away your private key to anybody, not even the certificate authority. Since nobody else will see it, there's no value to having it signed, because nobody could verify the signature.
And, of course, the private key is useless if disclosed.
Josh
-- Joshua Juran Metamage Software Creations - Mac Software and Consulting http://www.metamage.com/
* Creation at the highest state of the art *
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
