I'm somewhat new to OpenSSL (and SSL in general) and I'm attempting to use it to encrypt an existing socket communication system in an application we use.
After a morning of experimenting, I've successfully written a small experimental Server & Client app that simply sends a "Hello World" across an SSL-encrypted connection. What took me so long was to get Mandatory Certificate Verification working (I'm currently using self-signed certificates).
But one thing I don't understand is why both the RSA Private Key & Certificate must exist on both ends of the connection. I'm used to using RSA & DSA keypairs in SSH, and had assumed something similar would work here. I *thought* that the Private Key would exist on the Server, while the Certificate would exist on the client, and the password would be entered on the client. As it stands now, however, it seems I have to have the Key, Certificate, and Password on Both Ends. Is this right?
--
----------------------------------------
Randall Hand
Visualization Scientist
ERDC MSRC-ITL