> Hello, > I am currently developing an interface to a 3rd party product that requires > HTTPS support using an X.509 certificate. > I have been given instructions on how to generate the certificate using openssl.
> While in development mode (this is a commercial product), do I need > to include some license file or text? Include in what? > So, I would like to know if I have to include a license file or text for > using the openssl certificate in these two cases basically > (development/testing and production). Again, include in what? > Gisella Saavedra I'm having a hard time understanding your question. All you tell us about what you're doing is that it "requires HTTPS support using an X.509 certificate". If it requires a certificate, then you need one to use it. That's what "requires" means. My guess is that your question is about what certificate you should supply to the 3rd party product and where it should come from. There is no way to answer that question without knowing for what purpose the 3rd party product requires the certificate and what you're trying to do. Is it for client validation? Is it for server validation? What *exactly* does it need to validate? (For example, when I connect to amazon.com with a secure browser, what I need to validate and what amazon.com needs to validate are completely different.) If it uses it, for example, to securely identify the client, then you will need to set up a scheme in which the client has a certificate suitable for use for such secure identification. Depending on exactly what your question really is, it may get into deep issues about your security framework and threat models. Or it may be as simple as "generate a self-signed certificate each time" or "go to a CA and get a certificate". It depends on what the certificate is doing in the security framework. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
