I'm trying to get my head round a basic setup. I want to use SSL between a Java client and an IIS server. I'm happy with a self certification system, i.e. not using Thawte etc., since it is currently only a two terminal setup.
From what I've read to date, openssl seems to fit the bill. I hope so.
Please correct me if I'm wrong.

1. 'me' as CA
   Generate a key pair and 'self sign' it.
2. Endpoint A (client)
   Generate a certificate request
   send it to CA
   CA signs it and returns a certificate.
3. Endpoint B (server/recipient of REST service)
   Registers the CA as a trusted authority (how?)
   'Has access' to the private key of the CA
   (the server and CA are in reality one and the same organisation)
4. The client encrypts using the public key returned by the CA
5. The server decrypts using the private key.

1. Is this logic OK?
2. I've used the ca.pl scripts so far, which seem to handle most of what I'm after.
   I'm basing it on http://www.mobilefish.com/developer/openssl/openssl_quickguide_create_ca.html
   How easy is it to translate this into what I want please?
3. Is openssl the right tool for this scenario?

regards

--
Dave Pawson
XSLT XSL-FO FAQ.
http://www.dpawson.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
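
The CA, certificate-request and signing steps listed in the message above, worked through with the openssl command line as an added example (not part of the original post, and not the ca.pl scripts it mentions). The CA name, endpoint names and file names are constructed; the last two functions check that the issued certificate verifies against the CA certificate alone and carries the endpoint's own public key.

```shell
#!/bin/sh
# Added example. CA name, endpoint names and file names are constructed.

make_ca() {             # $1 = working directory
    # The CA key pair and its self-signed certificate.
    # -nodes leaves ca.key unencrypted on disk: acceptable for a demo only.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Demo Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {          # $1 = working directory, $2 = endpoint name
    # The endpoint generates its own key pair and a certificate request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    # The CA signs the request. Only the .csr goes to the CA and only the
    # .crt comes back; the endpoint's .key never leaves the endpoint.
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 90 -out "$1/$2.crt" 2>/dev/null
}

check_cert() {          # $1 = directory holding ca.crt, $2 = endpoint name
    # A relying party verifies the chain with ca.crt alone (no ca.key).
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" 2>/dev/null |
        grep -q ': OK$'
}

key_matches_cert() {    # $1 = working directory, $2 = endpoint name
    # The certificate carries the public half of the endpoint's own key.
    [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/$2.key" -pubout)" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_cert "$d" client &&
        check_cert "$d" client && key_matches_cert "$d" client
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "client certificate chains to the demo CA"
```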