Only if they have the CA's private key, or if the CA is using MD5 and is otherwise subject to a "preimage" attack.
The CA's certificate file is harmless to distribute under most circumstances.

-Kyle H

2009/7/30 Selçuk Cihan <selcukci...@gmail.com>:
> Hi, we have a client-server application. We want our client (win32
> application) to be sure that it is talking to our server indeed (server auth.
> only), and we wanted to have this communication secured. We are using
> openssl on the client side. Our server is a java application.
>
> We have created our root ca and issued a certificate to the server using the
> root ca. We want to ship our clients with the root ca file. Although I can
> not spot any vulnerabilities in this scenario, there is this feeling that
> something fundamental is missing, I have gone over network security books
> and stuff but still... Can an intruder do harm using the root ca? Any
> comments truly appreciated.
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
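Added example, not part of the original thread: a shell sketch of the setup described in the question, showing that a client trusting only the shipped `ca.crt` accepts the server certificate signed with `ca.key` and rejects one issued from a different key that merely copies the CA's subject name. All names (`Demo Root CA`, `server.example.test`, the file names) are constructed for illustration, and the certificates are signed with SHA-256 rather than MD5.

```shell
#!/usr/bin/env bash
# Constructed demo: every name here (Demo Root CA, server.example.test) is made up.

# Issue a certificate for CN=$3, signed by the CA pair $1.crt / $1.key, as $2.crt.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -sha256 -days 1 -out "$2.crt" 2>/dev/null
}

# Create a self-signed root named "Demo Root CA" as $1.crt / $1.key.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Demo Root CA" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# The real PKI: ca.key stays with the operator, ca.crt ships with the client.
make_pki() {
  make_root "$1/ca"
  issue_cert "$1/ca" "$1/server" "server.example.test"
}

# What a party holding only ca.crt can produce: a second key pair that copies
# the CA's subject name, and a certificate for the same server name under it.
make_lookalike() {
  make_root "$1/other"
  issue_cert "$1/other" "$1/lookalike" "server.example.test"
}

# True only when certificate $2 chains to trust anchor $1. The output is
# matched because older openssl releases exit 0 even when verification fails.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

d=$(mktemp -d)
make_pki "$d" && make_lookalike "$d"
chains_to_ca "$d/ca.crt" "$d/server.crt" && echo "server.crt: accepted"
chains_to_ca "$d/ca.crt" "$d/lookalike.crt" || echo "lookalike.crt: rejected"
rm -rf "$d"
```

Only `ca.crt` needs to reach the client; `ca.key` is the file that must never leave the issuing machine.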