Bernhard Froehlich wrote:
Uri wrote:
Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
others' public keys) without havign their private keys presented to
the signer?
[For having to bring private key along with the public key sort fo
defeats the whole purpse PKI.]
You are totally right.
Because of that CA's (including OpenSSL's ca command) usually work
with a certificate request which contains the public key (as well as
some other informations like the canonical name). Certificate requests
can be generated with OpenSSL's req command.
But how??? Could you give an example please (of [a] creating, and [b]
signing a "req")?
Thanks!!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
