Hi,
My current System is:
OS: Windows XP SP2
Compiler: MSVC++ 6 SP5
OpenSSL: 0.9.7e 25 Oct 2004
I am new to SSL and am currently converting our application's communication layer over to use SSL. For the time
being I do not want to go through an official CA to get a signed certificate, so I am currently generating my
private key without a password and my certificate is self-signed:
myprivkey.pem: openssl genrsa -out myprivkey.pem 2048
mycert.pem: openssl req -new -x509 -key myprivkey.pem -out mycert.pem
I have a couple of questions regarding this approach:
1. How safe is running with self-signed keys? If this is not safe, what are my options regarding CA signing...
my understanding is that most CA services charge for signing and I am unaware of a "free" CA.
2. I am developing both a client and server application and am somewhat confused as to what needs to be
delivered to the end-user? In my testing, as long as my server has the private key and certificate files to read in,
communication works fine. This leads me to believe that the example is simply doing Server Authentication?
3. I have been made aware of Microsoft's Certificate Import Wizard... do I need to add my generated certificate as
a Trusted Certificate Authority? Is distributing the private key and certificate safe or is there another way?
Thanks in advance for any help in these matters,
Ron Muck
Senior Software Engineer
[EMAIL PROTECTED]
503.579.1414 x5054
www.nobeltec.com