> Ok, so if it is not a problem if the certificate is intercepted, how
> to "prove that you are the party the certificate was issued to by
> demonstrating possession of the private key"? Is it a special
> configuration the VPN?

Typically, the receiver of the certificate sends a challenge to the certificate owner. The challenge says, "Here is a nonce that I have just generated. Sign it with your private key and send the signature to me."

The challenger verifies the signature with the public key from the certificate. If the signature verifies, it proves that the signer holds the private key associated with the public key.

--
Ken Goldman [EMAIL PROTECTED]
914-784-7646
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
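
The nonce challenge described in the reply above, as an added example using the openssl command line (not part of the original message or of any VPN product's code). The function names, file names and CNs are constructed for the demo; it shows that a party holding only a copy of the certificate cannot answer the challenge, and that an old signature does not answer a new nonce.

```shell
#!/bin/sh
# Added example: proof of possession of a private key by signing a fresh nonce.

# Create a key pair and a self-signed certificate (CN=$2) in directory $1.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Verifier: write a fresh 32-byte random nonce to file $1.
make_challenge() {
    openssl rand -out "$1" 32
}

# Prover: sign nonce file $2 with private key $1, write the signature to $3.
answer_challenge() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verifier: extract the public key from certificate $1 and check that
# signature $3 covers nonce $2. Returns 0 only if the signature verifies.
check_answer() {
    pub=$(mktemp) || return 1
    openssl x509 -in "$1" -noout -pubkey > "$pub" &&
        openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    rc=$?
    rm -f "$pub"
    return $rc
}

run_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/owner" "$d/other"
    make_identity "$d/owner" vpn-client.example    # the certificate's owner
    make_identity "$d/other" someone-else.example  # holds only a copy of owner's cert
    make_challenge "$d/nonce"
    answer_challenge "$d/owner/key.pem" "$d/nonce" "$d/sig_owner"
    answer_challenge "$d/other/key.pem" "$d/nonce" "$d/sig_other"
    check_answer "$d/owner/cert.pem" "$d/nonce" "$d/sig_owner" && echo "owner key: verified"
    check_answer "$d/owner/cert.pem" "$d/nonce" "$d/sig_other" || echo "copied cert, other key: rejected"
    make_challenge "$d/nonce2"                     # the next session gets a new nonce
    check_answer "$d/owner/cert.pem" "$d/nonce2" "$d/sig_owner" || echo "old signature, new nonce: rejected"
    rm -rf "$d"
}

run_demo
```

In TLS and IKE the signed data also covers the handshake exchange, not just a bare nonce, and the verifier must separately validate the certificate chain.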