Hi Richard,

How else do you authenticate the "originator of the certificate"?

I don't know if you really want to read it up but I found the concept in: http://theory.lcs.mit.edu/~cis/pubs/rivest/rsapaper.ps an explanation to the same. It tells you why an asymmetric keypair like RSA is used/needed to sign the certificates. One of the keys is probably what the browser has and the other is the key used to sign the webserver's digital cert generated from the csr.

-hth
Alok

----- Original Message -----
From: "R. Markham" <[EMAIL PROTECTED]>
To: <openssl-users@openssl.org>
Sent: Wednesday, January 19, 2005 3:28 AM
Subject: AW: Does a root CA need two certificates?

> >The data is no less secure true.. but the authentication is much easier
> >for someone to fake since the certificate chain doesn't go through a
> >trusted third party (Root CA) the person says "This is me. End of story"
> >and you choose whether you believe it or not.
>
> Hi Shaun,
>
> I don't understand why a root CA which everybody can download from the
> internet is more secure than if I use my own CA. I want to make it clear I
> am not against using certificates from an official CA. But in some cases you
> can save your money as an expense for the certificate if you use your
> self-signed certificate. If you want that only authenticated users can have
> access, then you can use SSLVerifyClient in Apache.
>
> Regards
>
> Richard
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
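The trust relationship discussed in this thread, as an added example that is not part of the original messages: a private CA signs a web server's CSR, and a verifier accepts the result only when it already holds that CA's certificate, while a self-signed certificate with the same name is accepted only by a verifier that already holds that exact certificate. The names `Demo Root CA` and `www.example.test` and all file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is throwaway test data.
set -e

# Build a small PKI in directory $1.
build_demo_pki() {
    dir=$1
    # 1. Own root CA: key pair plus self-signed certificate (the trust anchor).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Web server: key pair plus a CSR carrying the server's public key.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. The CA signs the CSR with its private key.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
    # 4. A self-signed certificate claiming the same name, with no CA involved.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=www.example.test" \
        -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null
}

# Print "trusted" if certificate $2 chains to trust anchor file $1, else "rejected".
verdict() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

tmp=$(mktemp -d)
build_demo_pki "$tmp"
echo "CA-signed cert, verifier holds ca.crt:     $(verdict "$tmp/ca.crt" "$tmp/server.crt")"
echo "self-signed cert, verifier holds ca.crt:   $(verdict "$tmp/ca.crt" "$tmp/self.crt")"
echo "self-signed cert, verifier holds self.crt: $(verdict "$tmp/self.crt" "$tmp/self.crt")"
rm -rf "$tmp"
```

The CA's public key travels inside `ca.crt`, which is the part the verifier must obtain through a channel it trusts; the private key in `ca.key` never leaves the CA.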