On Jul 4, 2005, at 12:00 AM, Uri wrote:
> Tan Eng Ten wrote:
>>> But how??? Could you give an example please (of [a] creating, and [b] signing a "req")?
>> How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
> Darn, I thought I explained the problem: openssl "req" seems to require private key of the cert requestor, which defeats the whole idea of PKI.

Let's say you're the CA and I'm requesting a certificate from you. I generate a keypair, and *I* create a certificate signing request (CSR). I send you the CSR (which doesn't contain my private key) and you use it to create a signed certificate which you send back to me.
So yes, creating the CSR requires the private key, but the customer does that, not the CA.
At least, that's my understanding; I haven't actually done this myself.

Josh

--
Joshua Juran
Metamage Software Creations - Mac Software and Consulting
http://www.metamage.com/

* Creation at the highest state of the art *
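The split of roles described in the reply above, as an added example that is not part of the original thread: the requester runs `openssl req` with its own private key, and the CA signs using only the CSR. The directory layout, file names, subject names and the throwaway demo CA are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: requester side and CA side of a certificate request.
# All file names and subject names are constructed for this demo.
set -eu

# Requester: generate a key pair and a CSR. The private key never leaves $1.
make_csr() {  # $1 = requester dir, $2 = subject
    openssl genrsa -out "$1/user.key" 2048 2>/dev/null
    openssl req -new -key "$1/user.key" -subj "$2" -out "$1/user.csr"
}

# CA: a throwaway self-signed CA key and certificate for the demo.
make_ca() {  # $1 = CA dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# CA: check the CSR's self-signature (proof that the requester holds the
# matching private key), then issue a certificate for the CSR's public key.
# The output is matched on text because older openssl releases exit 0
# even when "req -verify" reports a failure.
sign_csr() {  # $1 = CA dir, $2 = CSR file, $3 = output certificate
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$3" 2>/dev/null
}

# Hash of the public key found in a private key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl sha256
}

req=$(mktemp -d); ca=$(mktemp -d)      # stand-ins for two separate machines
make_csr "$req" "/CN=requester.example"
make_ca "$ca"
cp "$req/user.csr" "$ca/"              # only the CSR crosses over to the CA
sign_csr "$ca" "$ca/user.csr" "$ca/user.crt"
echo "requester key: $(pubkey_hash key "$req/user.key")"
echo "issued cert:   $(pubkey_hash crt "$ca/user.crt")"
```

The two printed hashes match: the certificate binds the requester's public key even though the CA directory never held `user.key`.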