On Wed, Apr 30, 2014 at 6:59 AM, Michael Wojcik <[email protected]> wrote: > All of these approaches have already been suggested in this thread. Is it > really necessary that we go through them again? > >
What hasn't been suggested is giving each server, etc. its own sub-CA signed by the root. Then there won't be a need to have the root key at multiple places and not problems with serial. Additionally, clients will only have to install and trust the root, which should make the whole thing easier to deploy. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
