Hi all,

I took the Heartbleed bug as a pretext to redo my entire PKI, and while reading openssl's man page, I have a couple of doubts regarding the sample configuration file in the CA EXAMPLE section:

    RANDFILE = $dir/private/.rand
    ...
    default_md = md5

I don't know enough about SSL to be sure about anything, but shouldn't RANDFILE be /dev/arandom (as set on top of /etc/ssl/openssl.cnf), and hasn't md5 been somewhat deprecated?

Cheers
Zé
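A check for the digest question raised above, as an added example that is not part of the original post: it scans openssl.cnf-style text and flags any default_md set to a digest with known collision weaknesses (MD5, SHA-1 and older). The sample configuration, the function name and the weak-digest list are constructed for illustration, and the parser is simplified (no line continuations or escaped # characters).

```python
import re

# Digests with practical collision attacks (MD5, SHA-1) or long obsolete.
WEAK_DIGESTS = {"md2", "md4", "md5", "sha", "sha1"}

# Constructed sample in the style of the man page's CA example.
SAMPLE_CNF = """\
[ ca ]
default_ca = CA_default

[ CA_default ]
dir        = ./demoCA
RANDFILE   = $dir/private/.rand
default_md = md5   # digest used to sign certificates

[ req ]
default_md = sha256
"""

SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")
ASSIGN_RE = re.compile(r"^([A-Za-z0-9_.]+)\s*=\s*(.*)$")


def find_weak_digests(cnf_text):
    """Return (line_no, section, digest) for every weak default_md setting."""
    findings = []
    section = "default"  # OpenSSL's name for the unnamed top section
    for line_no, raw in enumerate(cnf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ASSIGN_RE.match(line)
        if m and m.group(1) == "default_md":  # option names are case-sensitive
            digest = m.group(2).strip().lower()
            if digest in WEAK_DIGESTS:
                findings.append((line_no, section, digest))
    return findings


if __name__ == "__main__":
    for line_no, section, digest in find_weak_digests(SAMPLE_CNF):
        print(f"line {line_no}: [{section}] default_md = {digest} is weak")
```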

