In message <000001c2915e$257149d0$0101a8c0@osiris> on Thu, 21 Nov 2002 14:01:45 +0100,
"Jasper Spit" <[EMAIL PROTECTED]> said:
j.spit> For non-web based OpenSSL applications, is it still necessary
j.spit> or recommended to use certificate requests to obtain a new
j.spit> certificate ? Currently my application just creates a new X509
j.spit> certificate with X509_new(), sets things like Common Name and
j.spit> has that certificate signed by a (self-signed) CA root
j.spit> certificate. I can understand that for certificates that are
j.spit> to be signed by e.g. VeriSign you use a certificate signing
j.spit> request, but for applications like mine I don't see the need
j.spit> to use one. Maybe I'm overlooking something ?
A counter-question: why should I trust your CA? I might trust it if
it's certified by a CA I trust, or if your EE cert is signed by a CA
that I trust...
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
