Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 17:16:31 -0400, Uri <[EMAIL PROTECTED]> said:

urimobile> At least two demoCA scripts - CA and CA.pl

CA.sh and CA.pl both do the same wrong thing, bundle the private key
with the CSR (Certificate Signature Request or something like that,
described in PKCS #10, and what 'openssl req' mainly produces) in
newreq.pem.  I'm changing that for OpenSSL 0.9.8 and on.

Cheers,
Richard

Whenever I get people asking how to make certificate requests with Win32 OpenSSL, I've generally told them to install Perl 5.6 or better and then use CA.pl.

And there are a lot of people who are using CA.pl out there in this fashion as a result of my recommendation. Thankfully, most CAs probably are honest enough to just look at the stuff they are supposed to sign and people only need certs once in a while, but the private key probably gets transmitted as cleartext with the rest of the CSR (i.e. someone sniffing packets _might_ get the private key).

I'm looking forward to all of the changes 0.9.8 brings.

Thomas Hruska
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
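
A pre-submission check for the problem discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: it lists the PEM blocks in a request file such as newreq.pem, flags any private key block, and extracts only the CSR for sending to the CA. The function names and the sample file contents are constructed for illustration.

```python
import re

# PEM labels that mark private key material (traditional OpenSSL and PKCS #8).
PRIVATE_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "DSA PRIVATE KEY",
                  "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
# PEM labels used for PKCS #10 certificate requests.
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----\r?\n?",
    re.DOTALL)

def pem_blocks(text):
    """Return [(label, full_block_text)] for every PEM block in text."""
    return [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]

def audit_request_file(text):
    """Classify what a file about to be sent to a CA actually contains."""
    labels = [label for label, _ in pem_blocks(text)]
    return {
        "labels": labels,
        "has_csr": any(l in CSR_LABELS for l in labels),
        "leaks_private_key": any(l in PRIVATE_LABELS for l in labels),
    }

def csr_only(text):
    """Return only the CSR block(s); raise if the file holds no CSR."""
    csrs = [block for label, block in pem_blocks(text) if label in CSR_LABELS]
    if not csrs:
        raise ValueError("no certificate request found")
    return "".join(b if b.endswith("\n") else b + "\n" for b in csrs)

# Constructed sample: placeholder base64 bodies, not real key material.
SAMPLE_NEWREQ = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItS0VZ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItQ1NS
-----END CERTIFICATE REQUEST-----
"""

if __name__ == "__main__":
    print(audit_request_file(SAMPLE_NEWREQ))
    print(csr_only(SAMPLE_NEWREQ), end="")
```

Run the audit on the file before it leaves the machine and send only what `csr_only` returns; the private key block stays in a separate, access-restricted file.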
