Hello,

> OK, perhaps I need to explain this more. I have a client cert
> scenario where in order to verify the client's identity a certificate
> is used instead of a username / password. I would not like for anyone
> to be able to just grab the client certificate and impersonate, so I
> would like to add a password to the cert. I would think this would be
> similar to where for instance Verisign sends you a certificate for
> your webserver, and it has a password on it. Am I mistaken?

Certificate is your public key signed by CA (this adds to this "anonymous"
two numbers your "personal" information).
But your public key comes from generated RSA key pair before
(this RSA key pair has public and private key).
Certificate is public, your RSA key is private.
When somebody wants to verify your identity, then you send him
your certificate and some data signed by your private RSA key.
Your peer has to:
 - verify your certificate (with CA cert)
 - check your signed data (to verify that you have corresponding
   private key (to certificate)).

This method is used in SSL/TLS to verify client identity.
In short: you prove your identity signing some data with your
secret private key. Certificates are used by other peers to send
some encrypted data to you or your signature check.
(after verifying your cert with CA cert).

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
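
The two peer-side checks listed in the message above, written out with the `openssl` command line as an added example that is not part of the original post or of the OpenSSL project. It goes one step beyond the message by putting the passphrase on the client's private key file; the CA, subject names, passphrase, nonce and function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway keys and constructed names, not from the original post.

# Create a test CA, a passphrase-protected client key and a CA-signed client cert in $1.
make_pki() {   # dir passphrase
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    # The private key, not the certificate, is the file that carries the passphrase.
    openssl genrsa -aes256 -passout "pass:$pass" -out "$dir/client.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/client.key" -passin "pass:$pass" \
        -subj "/CN=example-client" -out "$dir/client.csr" &&
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/client.crt" 2>/dev/null
}

# Client side: sign the peer's challenge. Needs the key file AND its passphrase.
sign_challenge() {   # dir passphrase challenge_file sig_file
    openssl dgst -sha256 -sign "$1/client.key" -passin "pass:$2" -out "$4" "$3" 2>/dev/null
}

# Peer side: the two checks from the message. Uses only public material.
verify_client() {    # dir challenge_file sig_file
    # 1. Verify the certificate with the CA cert.
    openssl verify -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1 || return 1
    # 2. Check the signed data against the public key taken from the certificate.
    openssl x509 -in "$1/client.crt" -pubkey -noout > "$1/client.pub" || return 1
    openssl dgst -sha256 -verify "$1/client.pub" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" "constructed-passphrase" || return 1
    printf 'constructed-nonce-1234' > "$d/challenge"
    sign_challenge "$d" "constructed-passphrase" "$d/challenge" "$d/sig" || return 1
    verify_client "$d" "$d/challenge" "$d/sig" && echo "certificate valid, key possession proven"
    # A copy of client.crt and client.key without the passphrase cannot produce a signature.
    sign_challenge "$d" "wrong-guess" "$d/challenge" "$d/sig2" ||
        echo "signing failed without the passphrase"
    rm -rf "$d"
}
demo
```

Holding only `client.crt` is not enough to pass `verify_client`, because the second check needs a signature that only the private key can produce.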