Hi,
My current System is:
OS: Windows XP SP2
Compiler: MSVC++ 6 SP5
OpenSSL: 0.9.7e 25 Oct 2004
I am new to SSL and have spent the last few days reading up on it and running example client/server
applications that communicate via SSL. The example applications read in a certificate (mycert.pem) and private key
(myprivkey.pem) from files into the SSL_CTX structure prior to initiating communication. I have generated my
private key without a password and my certificate is self signed:
myprivkey.pem: openssl genrsa -out myprivkey.pem 2048
mycert.pem: openssl req -new x509 -key myprivkey.pem -out mycert.pem
After much reading and experimenting with sample applications I have a couple of questions:
1. I am developing both a client and server application and am somewhat confused as to what needs to be
delivered to the end-user? In my testing, as long as my server has the private key and certificate files to read in,
communication works fine. This leads me to believe that the example is simply doing Server Authentication?
2. I have been made aware of the Microsoft's Certificate Import Wizard...do I need to add my generated certificate as
a Trusted Certificate Authority? Is distributing the private key and certificate safe or is there another way?
Thanks in advance for any help in these matters,
Ron Muck
Senior Software Engineer
[EMAIL PROTECTED]
503.579.1414 x5054
www.nobeltec.com
