"Registers the CA as a trusted authority (how?)"
Yes, that is the entry point into the trust model. A client can only
trust you as much as he trusts the way he got the certificate of the CA
that certified you. So private meetings and USB sticks are usually a
decent way to go, I believe.
This indeed means that if you downloaded your web browser from a dodgy
source (and the Internet is dodgy) in theory you can't really trust the
CA certificates that were delivered with it :)
Dave Pawson wrote:
I'm trying to get my head round a basic setup.
I want to use SSL between a Java client and IIS server,
I'm happy with a self certification system, i.e. not using Thawte etc.
since it is currently only a two terminal setup.
From what I've read to date, openssl seems to fit the bill. I hope so.
Please correct me if I'm wrong.
1. 'me' as CA
Generate a key pair and 'self sign' it.
2. Endpoint A (client)
Generate a certificate request
send it to CA
CA signs it and returns a certificate.
3. Endpoint B (server/recipient of REST service)
Registers the CA as a trusted authority (how?)
'Has access' to the private key of the CA (the server and CA are
in reality one and the same organisation)
4. The client encrypts using the public key returned by the CA
5. The server decrypts using the private key.
1. Is this logic OK?
2. I've used the ca.pl scripts so far which seem to handle most
of what I'm after.
I'm basing it on
http://www.mobilefish.com/developer/openssl/openssl_quickguide_create_ca.html
How easy is it to translate this into what I want please?
3. Is openssl the right tool for this scenario?
regards
--
Alain Damiral,
I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
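
The CA, certificate request, signing and trust steps discussed in this thread, run with the openssl command line as an added example that is not part of either message. File names, subject names and function names are constructed for illustration; the relying party here is `openssl verify`, which needs only the CA certificate, and the printed fingerprint is the value to compare when the CA certificate is handed over in person.

```shell
#!/bin/sh
# Added example: private CA -> certificate request -> signed certificate -> verification.
# All file names and subject names are constructed for illustration.

# Step 1: the CA generates a key pair and a self-signed certificate.
make_ca() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Step 2 (endpoint side): the endpoint generates its own key and a request.
# The endpoint's private key never leaves the endpoint; only the CSR is sent.
make_csr() {  # $1 = directory, $2 = endpoint name
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Step 2 (CA side): the CA signs the request with its private key.
sign_csr() {  # $1 = directory, $2 = endpoint name
    openssl x509 -req -sha256 -days 90 -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# Step 3: a relying party checks a certificate against a trusted CA certificate.
# Only ca.crt (public) is used here; ca.key is not needed to verify.
verify_cert() {  # $1 = trusted CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Fingerprint to compare out of band before installing ca.crt as trusted.
ca_fingerprint() {  # $1 = CA certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Demonstration run in a throwaway directory.
demo_dir=$(mktemp -d)
make_ca "$demo_dir" && make_csr "$demo_dir" client && sign_csr "$demo_dir" client
ca_fingerprint "$demo_dir/ca.crt"
verify_cert "$demo_dir/ca.crt" "$demo_dir/client.crt" && echo "client.crt: verified against ca.crt"
```
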