Hi, I think that the same needs to be said for the private key associated with the server cert. That needs to be kept securely, and not distributed, right?
Jim

---- Kyle Hamilton <aerow...@gmail.com> wrote:
> Only if they have the CA's private key, or if the CA is using MD5 and
> is otherwise subject to a "preimage" attack.
>
> The CA's certificate file is harmless to distribute under most circumstances.
>
> -Kyle H
>
> 2009/7/30 Selçuk Cihan <selcukci...@gmail.com>:
> > Hi, we have a client-server application. We want our client (win32
> > application) to be sure that it is talking to our server indeed (server auth.
> > only), and we wanted to have this communication secured. We are using
> > openssl on the client side. Our server is a java application.
> >
> > We have created our root ca and issued a certificate to the server using the
> > root ca. We want to ship our clients with the root ca file. Although I
> > cannot spot any vulnerabilities in this scenario, there is this feeling that
> > something fundamental is missing, I have gone over network security books
> > and stuff but still... Can an intruder do harm using the root ca? Any
> > comments truly appreciated.
> >
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
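
A pre-release check that follows from the replies above, as an added example that is not part of the original thread: it confirms that the PEM file shipped to clients holds only certificates and no private key block. The function name `audit_trust_bundle` and the sample PEM bodies are constructed for illustration.

```python
import re

# PEM encapsulation boundaries: -----BEGIN <label>----- ... -----END <label>-----
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)
_CERT_LABELS = {"CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"}


def audit_trust_bundle(pem_text):
    """Return (ok, findings) for a PEM file that is about to ship to clients."""
    findings = []
    certs = 0
    blocks = list(_PEM_BLOCK.finditer(pem_text))
    for n, m in enumerate(blocks, start=1):
        begin, end = m.group(1), m.group(3)
        if begin != end:
            findings.append(f"block {n}: BEGIN {begin} closed by END {end}")
        elif begin in _CERT_LABELS:
            certs += 1
        elif "PRIVATE KEY" in begin:
            # Covers RSA/EC/PKCS#8 keys and ENCRYPTED PRIVATE KEY alike:
            # even a passphrase-protected CA key does not belong on clients.
            findings.append(f"block {n}: private key material ({begin})")
        else:
            findings.append(f"block {n}: unexpected object ({begin})")
    if certs == 0:
        findings.append("no CERTIFICATE block found")
    # A BEGIN line that never matched a full block means a truncated file.
    if pem_text.count("-----BEGIN ") != len(blocks):
        findings.append("unterminated PEM block")
    return (not findings, findings)


# Constructed sample input: the bodies are placeholders, not real DER data.
CA_ONLY = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)
# Constructed example of a file where the CA key sits next to the certificate.
CA_PLUS_KEY = CA_ONLY + (
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name, text in (("ca-only", CA_ONLY), ("ca-plus-key", CA_PLUS_KEY)):
        print(name, audit_trust_bundle(text))
```

The check looks only at PEM labels, so it does not parse the certificates themselves or detect keys stored in binary containers such as PKCS#12.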