Jensen, J (Jens) wrote:
> A solution is to create a request for the root, save it, then
> use "req" to issue a temporary root. Then set up a mini-CA
> to sign the real root with the temporary root. It works
> because the keys are the same in the temporary and real
> root (both generated from the same request), and because
> in both root certs the issuer and subject DNs are the same.
Hi, good idea, this works of course. Should have
thought about it myself, but that's life: Where
are the good ideas if you need them? ;-)
Thanx a lot,
Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
