> I want to do a commercial client application capable > to handle https (that is the only purpose to include > openssl) and I was wondering if it is legal to > distribute the file that contains the certificates > that were bundled with Netscape.
I am not a lawyer. > Actyally, can a company X generate their own > certificates to be used with openssl instead of those? > I noticed there are some utilities in openssl to > generate certificates. You or anyone can generate certificates. However, certificates are signed by a CA (certificate authority) and there is a chain back to one or more root CA's. Netscape and others have compiled a list of root CA's that they trust. If you can get your users to add you to their root CA list, you can be a CA. This can work for a closed application. But I certainly would not add your certificate to my browser root certificate list. Doing so would let you impersonate anyone - my bank, broker, etc. -- Ken Goldman [EMAIL PROTECTED] 914-784-7646 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
