The p12 format certificate includes the key and both are encrypted. This seems like the best distribution format. From what I have read most browsers can handle this distribution format since it is used in smart cards. However, on Safari, at least, when you import the certificate you have to enter the encryption key for the certificate and key. Then those are stored in the keychain (without any additional reference to that encryption key). They than can be used by anyone on that machine. It kind of defeats all the effort for security up to that point. DoD addresses this issue by somehow making the certificate not be imported into the keychain, but retained on the smart card only. Pulling the card from the reader eliminates any future use of it. Thats what I would like to achieve. -- Doug _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"