In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 00:00:20 -0400, Uri <[EMAIL PROTECTED]> said:
urimobile> Tan Eng Ten wrote: urimobile> urimobile> >> But how??? Could you give an example please (of [a] urimobile> >> creating, and [b] signing a "req")? urimobile> > urimobile> > How is in the HOWTO (http://www.openssl.org/docs/HOWTO/) urimobile> urimobile> Darn, I thought I explained the problem: openssl "req" urimobile> seems to require private key of the cert requestor, which urimobile> defeats the whole idea of PKI. Here's the excerpt of the urimobile> HOWTO you're referring me to. It is not helpful, sorry - urimobile> for the above reason (private key necessary). urimobile> urimobile> The certificate request is created like this: urimobile> urimobile> openssl req -new -key privkey.pem -out cert.csr OpenSSL, as well as *any* other software that produces CSRs, requires that a private key be *used* to sign the CSR. That does not mean that the private key gets included in the CSR, just the signature. However, the *public* key gets included in the CSR. So you see, the private key, is necessary, but not for the reasons you seem to imagine. It looks to me like you need to read up on public key cryptography and how a X.509 PKI works. There are books on the subjects. Cheer, Richard ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
