Urjit Gokhale wrote:
So now I am a little confused about using openssl command line utility as CA to give out certificates. What could be the reasons for using anything other than openssl as CA? Are there security issues? Are people using openssl as their private CA? are any particular problems reported regarding the use of openssl as private CA on large scale?
I use openssl for CA management without any problems at all. I think all of the issues are related to implementation rather than capability (FIPS notwithstanding). Other tools may provide more convenient interfaces, but the same basic principles apply.
Remember that a CA is a valuable resource, so protect it well. My CA is essentially a portable directory of files that is strongly encrypted when I'm not using it. How you scale this depends on the needs of your organization.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
