> Darn, I thought I explained the problem: openssl "req" seems to require
> private key of the cert requestor, which defeats the whole idea of PKI.

No. It is common practice for someone making a certificate request to prove that they have the private key. This is known as "proof of possession" and is a common practice.

/r$

--
Rich Salz
Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
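
The proof-of-possession check described in the reply above, as an added example that is not part of the original thread: the requestor signs the CSR locally with its private key, and the CA verifies that signature using only the public key carried in the CSR. The file names, the subject, the EC P-256 key and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: proof of possession with "openssl req".
# File names, subject and key type are constructed for this demo.

# Requestor: the private key is created and used locally. "req -new" signs
# the request with it; only the resulting CSR is sent to the CA.
make_csr() {  # $1 = work dir
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/requestor.key" 2>/dev/null &&
    openssl req -new -key "$1/requestor.key" -subj "/CN=pop-demo.example" \
        -out "$1/request.csr"
}

# CA: needs only the CSR. -verify checks the CSR's signature against the
# public key inside the CSR. The printed result is matched rather than
# relying on the exit status.
csr_pop_ok() {  # $1 = CSR path, $2 = PEM (default) or DER
    openssl req -in "$1" -inform "${2:-PEM}" -verify -noout 2>&1 |
        grep -q "verify OK"
}

# Write a DER copy of the CSR with the last signature byte changed, which is
# what a request not signed by the matching private key looks like to the CA.
tamper_csr() {  # $1 = PEM CSR in, $2 = DER CSR out
    openssl req -in "$1" -outform DER -out "$2.orig" &&
    n=$(wc -c < "$2.orig") &&
    last=$(tail -c 1 "$2.orig" | od -An -tu1 | tr -d ' \n') &&
    if [ "$last" = 0 ]; then new='\001'; else new='\000'; fi &&
    { head -c $((n - 1)) "$2.orig"; printf "$new"; } > "$2"
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir" && tamper_csr "$demo_dir/request.csr" "$demo_dir/bad.der"
if csr_pop_ok "$demo_dir/request.csr"; then
    echo "genuine CSR: signature verifies, possession proven"
fi
if ! csr_pop_ok "$demo_dir/bad.der" DER; then
    echo "tampered CSR: signature rejected"
fi
rm -rf "$demo_dir"
```

The CSR file contains the subject, the public key and the signature; `requestor.key` never leaves the requestor's machine.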