Jasper Spit wrote:
> Hi,
> 
> The following scenario. I'm running a company that sells software.
> When selling software to a new client I create a certificate for
> that client and sign it using my company's root certificate.
> The software in turn on startup checks if the client's certificate
> was signed by my company, by matching it against root.pem which
> contains my company's cert. However, when the client alters the
> root.pem, or creates its own CA and puts that one in root.pem,
> all will be lost :) Is there any way to bypass this? Has anyone
> done a thing like this before?

More times than I care to remember.

You could embed the root cert (or even pubkey) in the software...
You could require that it contact a license server...



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
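
The first suggestion in the reply above (embedding the root in the software), sketched as an added example that is not part of the original thread: the trust anchor is always the embedded copy, and the on-disk root.pem is only compared against a pinned SHA-256 so that a swapped file is detected and reported. The function names, the status strings and the placeholder certificate bytes are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import ssl
import tempfile

# Constructed stand-in for the vendor root certificate: placeholder bytes, not
# real X.509. A real build would embed the company's actual root PEM here.
EMBEDDED_ROOT_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-vendor-root-der-bytes")

def fingerprint(pem):
    """SHA-256 of the decoded certificate, so PEM line wrapping does not matter."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).digest()

PINNED_ROOT_SHA256 = fingerprint(EMBEDDED_ROOT_PEM)

def check_root_file(path):
    """Classify the on-disk root.pem: 'ok', 'missing', 'malformed' or 'replaced'."""
    try:
        with open(path, encoding="ascii") as fh:
            seen = fingerprint(fh.read())
    except OSError:
        return "missing"
    except ValueError:  # non-ASCII content, bad PEM armor or bad base64
        return "malformed"
    return "ok" if hmac.compare_digest(seen, PINNED_ROOT_SHA256) else "replaced"

def trust_anchor(path):
    """Always return the embedded root; the file on disk only feeds the status."""
    return EMBEDDED_ROOT_PEM, check_root_file(path)

def demo():
    """Run the check against constructed root.pem variants in a temp directory."""
    rogue = ssl.DER_cert_to_PEM_cert(b"constructed-client-made-ca")
    cases = {"ok": EMBEDDED_ROOT_PEM, "replaced": rogue, "malformed": "not a pem"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in cases.items():
            path = os.path.join(tmp, name + ".pem")
            with open(path, "w", encoding="ascii") as fh:
                fh.write(body)
            results[name] = trust_anchor(path)[1]
        results["missing"] = trust_anchor(os.path.join(tmp, "absent.pem"))[1]
    return results

if __name__ == "__main__":
    print(demo())
```

The pin is only as tamper-resistant as the binary that carries it.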