If you are just doing server side-authentication then all you need to do is store the cert on the server and distribute the CA public key to all the clients so they trust the cert that the server presents. The CA public key can be stored in the users-directory and the worst thing that will happen is that someone will change the CA in the user directory and the clients will stop trusting the server playing with the permissions ont he CA will prolly help mitigate the chanses of this happening.
It all depends on what you are trying to achieve with these certs? do you need/want client side authentication or just make sure the clients know who they are connecting to or does the server need to know who is connecting to it? Are you looking for a package to do this or write it yourself? Are you going to make your own CA or pay for a recognised CA (If you controlling both client and server I see no reason to get a recognised CA but you will have to do more that way CRL's and the like.) If you could give a bit more information about what you are trying to achive that would help. On Fri, 26 Oct 2001 [EMAIL PROTECTED] wrote: > Hi, all > I would like to use a x.509 certificate to log on unix workstation but it seems >there are no > cots available for this. > Do yo have any information about? > Where do you think I have to store the certificate? a smart card or in the user >directory? > > thanks for any input > > hamlet > _________________________________________________________________________ > > > > -- ----Rory
