On Sat, May 14, 2011 at 8:06 AM, Dave Thompson <dthomp...@prinpay.com>wrote:
> > The latter, as long as you transfer the private key from your machine > to the server along with the certificate from the CA. > > You do need to keep *both* machines (keygen and server) secure > and also the transfer process. It's usually a little *simpler* > to generate on the server, so that's what people usually do. > But any process that produces a valid cert C from a CSR for key P, > and puts C and P together on the desired machine, works. > > All Right! Thanks a lot! I have another confusion. Do we "actually" need a third party to make our certificate? I mean, we can generate self-certified certificates, right? So, will my production machine not run if I don't use CAcert.org or GoDaddy or Verisign? What if, I go for my self-certified certs and jks? -- Best, Zico
