> I took the Heartbleed bug as a pretext to redo my entire PKI, and
> while reading openssl's man page, I have a couple of doubts regarding
> the sample configuration file on the CA EXAMPLE section:
>
> RANDFILE = $dir/private/.rand
> ...
> default_md = md5
>
> I don't know enough about SSL to be sure about anything, but shouldn't
> RANDFILE be /dev/arandom (as set on top of /etc/ssl/openssl.cnf) and
> hasn't md5 been somewhat deprecated?

That is a quality manual page direct from the OpenSSL team. Amazing, isn't it?

