Hi I feel lots of people like us do use the OpenSSL CAs. One problem you would face is to install the CA Cert in each and every client browser else that would give pop-ups.. Apart from that, I feel this is as much secure as any commercial CA..
-Krishna On 7/18/06, Urjit Gokhale <[EMAIL PROTECTED]> wrote:
Hi, I am planning to ssl enable my client server application, that I will be making available for commercial use. In this process I had planned to use openssl command line utility as CA to give out certificates (I am going to work as private CA). But just then, I came across a section in "Network Security with openSSL" (O'Reilly), that states "Since OpenSSL's command-line CA functionality was intended primarily as an example of how to use OpenSSL to build a CA, we don't recommend that you attempt to use it in a large production environment." It also talks about freely available CA packages such as openCA and pyCA. So now I am a little confused about using openssl command line utility as CA to give out certificates. What could be the reasons for using anything other than openssl as CA? Are there security issues? Are people using openssl as their private CA? are any particular problems reported regarding the use of openssl as private CA on large scale? I google'd a bit regarding this, could not get any information as such. So decided to ask this on the list. ~ Urjit DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
