Hello, as a newbie, I have some assumptions / questions hereafter about OpenSSL and certificates. Many thanks for correcting / confirming them.

- a certificate is a public key with metadata
- metadata contain mandatory (i.e. subject and issuer) and optional parameters
- there is no relation between the key algorithm (i.e. RSA) and the format of the certificate (i.e. PKCS#12)
- a certificate can always be converted to another format
- the certificate request (.csr) is obsolete (and so should be deleted) once the certificate is created by the CA
- technically speaking a 'home-made' CA is equal to a 'professional' CA
- the CA remains fully secure as long as its private key remains undistributed / uncompromised
- for a CA, the serial & index files allow it to maintain a (type of) database to persist which certificates (with related metadata values) were created by this CA
- serial information within the certificate is useless
- can a certificate contain more than one public key?

Thanks for attention.

Bye,
Bruno

--
Bruno Costacurta
PGP key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html
Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51
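The objects this message asks about (key pair, certificate request, home-made CA, serial, PEM / DER / PKCS#12 encodings) can be created and inspected with the `openssl` command line. The script below is an added example, not part of the original message; the subject names, the serial 0x1001 and the password are constructed.

```shell
#!/bin/sh
# Added illustration. All names, subjects, the serial and the password are constructed.
set -e
d=$(mktemp -d)   # scratch directory for the demo files

# 1. Home-made CA: a key pair plus a self-signed certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
  -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
# 2. Subject key pair and a certificate request (CSR) carrying its public key.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
  -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
# 3. The CA signs the request; the serial is set explicitly here.
openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
  -set_serial 0x1001 -days 1 -out "$d/host.pem" 2>/dev/null
# 4. Re-encode PEM -> DER, and bundle key + certificate into a PKCS#12 file.
openssl x509 -in "$d/host.pem" -outform DER -out "$d/host.der"
openssl pkcs12 -export -inkey "$d/host.key" -in "$d/host.pem" \
  -passout pass:constructed -out "$d/host.p12"

# SHA-256 fingerprint of the certificate given by the arguments (or on stdin).
fp() { openssl x509 "$@" -noout -fingerprint -sha256; }

pubkey_of_key()  { openssl pkey -in "$d/host.key" -pubout; }
pubkey_of_csr()  { openssl req  -in "$d/host.csr" -noout -pubkey; }
pubkey_of_cert() { openssl x509 -in "$d/host.pem" -noout -pubkey; }
cert_serial()    { openssl x509 -in "$d/host.pem" -noout -serial; }
fp_pem() { fp -in "$d/host.pem"; }
fp_der() { fp -in "$d/host.der" -inform DER; }
fp_p12() {
  openssl pkcs12 -in "$d/host.p12" -nokeys -passin pass:constructed 2>/dev/null | fp
}
chain_ok() { openssl verify -CAfile "$d/ca.pem" "$d/host.pem" >/dev/null 2>&1; }

# Summary: the same public key appears in key, CSR and certificate; the
# certificate is byte-identical (same fingerprint) in all three encodings.
[ "$(pubkey_of_key)" = "$(pubkey_of_csr)" ]  && echo "key and CSR: same public key"
[ "$(pubkey_of_csr)" = "$(pubkey_of_cert)" ] && echo "CSR and cert: same public key"
[ "$(fp_pem)" = "$(fp_der)" ] && echo "PEM and DER: same certificate"
[ "$(fp_pem)" = "$(fp_p12)" ] && echo "PKCS#12 bundle: same certificate inside"
chain_ok && echo "certificate verifies against the home-made CA"
cert_serial
```

The PKCS#12 file differs from the PEM and DER files in that it also holds the private key, protected by the password.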