Uri wrote:
Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing others' public keys) without having their private keys presented to the signer? [For having to bring private key along with the public key sort of defeats the whole purpose of PKI.]
You are totally right. Because of that, CAs (including OpenSSL's ca command) usually work with a certificate request which contains the public key (as well as some other information like the canonical name). Certificate requests can be generated with OpenSSL's req command.
Hope it helps, Ted ;)
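The flow described in the reply, as an added example that is not part of the original thread: the subject creates a key pair and a request with `req`, and the CA signs the request with `ca` while seeing only the CSR. The directory layout, the `demo.cnf` config, and the names `uri.example` and `Demo CA` are constructed for illustration.

```sh
#!/bin/sh
# Added example (constructed names and paths): CSR-based issuance with req and ca.
demo_csr_signing() (
    set -eu
    work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"
    mkdir -p user ca/newcerts
    : > ca/index.txt; echo 01 > ca/serial    # empty CA database, first serial number
    cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ca/index.txt
new_certs_dir = ca/newcerts
serial = ca/serial
default_md = sha256
default_days = 30
policy = demo_policy
[ demo_policy ]
commonName = supplied
EOF
    # Subject side: the private key stays in user/; the CSR carries the public
    # key and the name, signed with the private key as proof of possession.
    openssl req -new -newkey rsa:2048 -nodes -config demo.cnf -subj "/CN=uri.example" \
        -keyout user/user.key -out user/user.csr 2>/dev/null
    # CA side: the CA's own key and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -config demo.cnf -subj "/CN=Demo CA" \
        -days 30 -keyout ca/ca.key -out ca/ca.crt 2>/dev/null
    cp user/user.csr ca/user.csr             # the only file handed to the CA
    # ca checks the CSR's self-signature, then signs the public key it contains.
    openssl ca -batch -notext -config demo.cnf -cert ca/ca.crt -keyfile ca/ca.key \
        -in ca/user.csr -out ca/user.crt >/dev/null 2>&1
    leaked=$(grep -c "PRIVATE KEY" ca/user.csr || true)
    want=$(openssl pkey -in user/user.key -pubout)
    got=$(openssl x509 -in ca/user.crt -noout -pubkey)
    [ "$want" = "$got" ] && match=yes || match=no
    chain=$(openssl verify -CAfile ca/ca.crt ca/user.crt >/dev/null 2>&1 && echo ok || echo fail)
    echo "private_key_blocks_in_csr=$leaked pubkey_match=$match chain=$chain"
)
demo_csr_signing
```

The summary line shows that the CSR contains no private key block, that the issued certificate binds the subject's own public key, and that it chains to the CA.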