Hello,

> But one thing I don't understand is why both the RSA Private Key &
> Certificate must exist on both ends of the connection. I'm used to
> using RSA & DSA keypairs in SSH, and had assumed something similar
> would work here. I *thought* that the Private Key would exist on the
> Server, while the Certificate would exist on the client, and the
> password would be entered on the client. As it stands now, however,
> it seems I have to have the Key, Certificate, and Password on Both
> Ends. Is this right?

Server RSA key and certificate are used to exchange pre_shared_secret between client and server (client encrypts generated pre_master_secret with server certificate and sends this to server, server decrypts this with its private key). Next pre_master_secret is used to generate master_secret, key_material, passwords ...

Client RSA key and certificate are only used to authenticate client by server. You may configure server to not authenticate client and then client RSA key/certificate is not required.

In ssh you may choose to use RSA authentication too and then you need to generate key pair (private and public) on client (ssh-keygen) and transfer public key to server to proper location (user authorized_keys file).

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
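
The RSA key exchange described in the reply above, as an added example that is not part of the original message: the client side uses only the server's public key, the server side uses its private key, and both derive the same master_secret without any client key. Assumptions: the toy key built from two Mersenne primes, the unpadded RSA (real TLS uses PKCS#1 v1.5 padding), the TLS 1.2 PRF from RFC 5246, and all function names.

```python
import hashlib
import hmac
import os

# Constructed toy server key (assumption): two Mersenne primes, unpadded RSA.
# Real TLS uses the key from the server certificate with PKCS#1 v1.5 padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public half, travels in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private half, never leaves the server


def prf_sha256(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def client_key_exchange(pre_master, n, e):
    """Client side: needs only the server's public key (n, e)."""
    return pow(int.from_bytes(pre_master, "big"), e, n)


def server_recover(ciphertext, n, d):
    """Server side: the private exponent d undoes the encryption."""
    return pow(ciphertext, d, n).to_bytes(48, "big")


def master_secret(pre_master, client_random, server_random):
    """Both sides expand the 48-byte pre_master_secret the same way."""
    return prf_sha256(pre_master, b"master secret",
                      client_random + server_random, 48)


def handshake():
    """Run both sides; return (client master_secret, server master_secret)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    pre_master = b"\x03\x03" + os.urandom(46)    # version bytes + 46 random bytes
    wire = client_key_exchange(pre_master, N, E)  # sent in ClientKeyExchange
    recovered = server_recover(wire, N, D)
    return (master_secret(pre_master, client_random, server_random),
            master_secret(recovered, client_random, server_random))


if __name__ == "__main__":
    client_ms, server_ms = handshake()
    print("master secrets match:", client_ms == server_ms)
```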