I truly, truly wish that people would stop thinking themselves into the "crypto box".
A CA needs to be only as secure as the things that its certificates secure. In this case, if they're trying to create user authentication certificates for their customers so that they can have the full benefits of mutual authentication (which benefits include immunity from the recent prefix-injection attack, among others), why shouldn't their issuing CA be online? No entity other than their authentication server needs to trust that CA.

However, to the OP: you can't really do that on any free server where you cannot run your own custom script code. The processes defined for X.509 and PKIX certificate request and issuance are such that it's impossible to implement using a standard HTTP server that doesn't allow code extension.

-Kyle H

On Thu, Jan 14, 2010 at 12:27 PM, John R Pierce <pie...@hogranch.com> wrote:
> Abbass Marouni wrote:
>>
>> I have a project, in which I am asked to implement an online Certificate
>> Authority.
>> we will be using website hosted in a free server. (Geocities,...).
>
> wasn't geocities shut down finally, after stagnating for the last decade?
>
> anyways, AFAIK, it never let you use any sort of server side scripting or
> programming, so would be totally unsuitable for your uses.
>
> by its very nature, a CA has to be on a very secure system or it's pretty
> much worthless. free hosts really don't suit that.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
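
As an added example (not code from this thread or from the OpenSSL project), the script below runs one request-and-issue cycle with the `openssl` command line to show which steps must execute on the CA host with access to its private key, which is what a static-only web host cannot provide. The `issue_client_cert` function, the file names and the `Demo Auth CA` / `alice` subjects are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: subjects, file names and lifetimes are assumptions,
# not values from the mailing-list thread.
# issue_client_cert DIR : run one CSR -> client certificate cycle inside DIR.
issue_client_cert() {
    dir=$1

    # CA host, once: CA private key and self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Auth CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # Customer side: key pair plus a PKCS#10 request signed by that key.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=alice" \
        -keyout "$dir/alice.key" -out "$dir/alice.csr" 2>/dev/null || return 1

    # CA host, per request: check the CSR self-signature (proof of possession).
    # The output text is matched because older releases exit 0 on failure.
    openssl req -in "$dir/alice.csr" -noout -verify 2>&1 \
        | grep -q 'verify OK' || return 1

    # CA host, per request: sign with the CA key, limiting the certificate
    # to an end-entity usable only for TLS client authentication.
    printf 'basicConstraints=critical,CA:FALSE\nextendedKeyUsage=clientAuth\n' \
        > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/alice.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 7 -extfile "$dir/ext.cnf" \
        -out "$dir/alice.crt" 2>/dev/null || return 1

    # Authentication server (the only relying party): chain and purpose check
    # against this one CA certificate.
    openssl verify -CAfile "$dir/ca.crt" -purpose sslclient \
        "$dir/alice.crt" >/dev/null 2>&1
}

# Example run:
#   d=$(mktemp -d) && issue_client_cert "$d" && echo "issued $d/alice.crt"
```

The proof-of-possession check and the signing step are the parts that need code running next to `ca.key`; the final `openssl verify` is all the authentication server needs, since it trusts only this CA.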