On 8/29/23 2:32 PM, Tom Brennan wrote:
Sorry - not clear. What I meant was that in this case I ran openssl on
Linux, not on Windows as Charles thought.
Fair enough.
What if I deleted the CA key file after creating the one web cert I
needed? That would probably solve the security issue Charles mentioned,
but then I would need a long-term web cert, maybe not possible anymore
with the browser cap you mentioned.
That's not going to work the way you want.
The certificate is only good if you have the associated key.
If you don't have the key, the certificate isn't worth the disk space
that it takes up.
Grant. . . .
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
