On Tue, 2003-02-25 at 12:32, Dr. Stephen Henson wrote:
> On Tue, Feb 25, 2003, Nick Gray wrote:
>
> > On Tue, 2003-02-25 at 11:00, Dr. Stephen Henson wrote:
> >
> > You can't call ./Ca.pl -sign a second time. It "knows" about the
> > certificate that was previously made and fails. Now perhaps if I
Dr. Stephen Henson wrote:
Normally you'll generate the key yourself and generate a certificate request
from it. The request (not the key) is sent to the CA and they then send you
the certificate back. The point being the CA never sees your key.
Minor aside: for the purposes of key escrow/recovery
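
Added example, not part of the original thread: the key, request and certificate flow described in the message above, run end to end with the OpenSSL command line. It assumes `openssl` is installed; the directory layout, subject names and throwaway CA are constructed for the demo and stand in for a real CA.

```shell
#!/bin/sh
# Added example: the private key stays with the requester; only the CSR
# reaches the CA. Names, paths and the throwaway CA are constructed.

csr_flow() {
    work=$(mktemp -d) || return 1
    req="$work/requester"; ca="$work/ca"
    mkdir "$req" "$ca" || return 1
    result=fail

    # Throwaway CA with its own key pair (stand-in for the real CA).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$ca/ca.key" -out "$ca/ca.crt" 2>/dev/null &&

    # Requester: generate the key locally, then a request from that key.
    openssl genrsa -out "$req/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$req/server.key" \
        -subj "/CN=host.example.test" -out "$req/server.csr" &&

    # Only the request is handed to the CA; it holds no private key.
    cp "$req/server.csr" "$ca/server.csr" &&
    ! grep -q "PRIVATE KEY" "$ca/server.csr" &&

    # CA: check the request's self-signature, then issue the certificate.
    openssl req -in "$ca/server.csr" -noout -verify >/dev/null 2>&1 &&
    openssl x509 -req -in "$ca/server.csr" -days 1 \
        -CA "$ca/ca.crt" -CAkey "$ca/ca.key" -CAcreateserial \
        -out "$ca/server.crt" 2>/dev/null &&

    # Requester: the returned certificate must carry the public half of
    # the key that never left, and must chain to the CA.
    cp "$ca/server.crt" "$req/server.crt" &&
    key_pub=$(openssl pkey -in "$req/server.key" -pubout | openssl sha256) &&
    crt_pub=$(openssl x509 -in "$req/server.crt" -noout -pubkey | openssl sha256) &&
    [ "$key_pub" = "$crt_pub" ] &&
    openssl verify -CAfile "$ca/ca.crt" "$req/server.crt" >/dev/null 2>&1 &&
    result=ok

    rm -rf "$work"
    echo "$result"
    [ "$result" = ok ]
}

csr_flow
```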