According to xjin:
> As you know, SSLeay stores some information about applicants'
> certificates using a plain text file. When this index.txt file is destroyed
> by intruders or by accident a CA will lose all the information about
> applicants' certificates.
And the situation is exactly the same if the data store behind the DB
is destroyed etc etc. Whatever storage you have backing the CA is something
that needs to be very carefully managed in terms of security and in terms
of making sure that it is not lost or destroyed.
A database can help in that it usually introduces the right sort of
mindset and discipline into the setup ... but I've know of lots of companies
operating on non-backed up DBs and assuming that somehow by magic the DB
did the right thing even if you didn't provide it with a tape drive and
tapes.
The thought of people running commercial CAs on top of the example 'ca'
program is rather concerning ... it is a demo/test setup and not something
that is designed for production use.
Tim.
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
