AFAIK, secure certs themselves arent private. Every time someone connects to
your SSL server, they get the certificate sent to them as part of the SSL
negotiation. What _would_ be bad is if your key showed up on that site
(which it wouldnt). The key is the part you really want to protect.
-matt
----- Original Message -----
From: "Josh Levine" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 2:52 PM
Subject: Secure Cert process not secure?!
> I just went through the process of actually activating the free Cert I
> ordered during the promotion.
>
> Entrust goes through great pains to ensure that I am who I say I am, and
> that I represent my company. Finally, through e-mail they send me a
> link to retrieve my certificate. This link takes me to a page that is
> neither password protected nor encrypted - and yet it contains my secure
> certificate in plain text!
>
> Am I missing something here?
>
> --Josh Levine
