Hi Is using the browser to generate the private key the only option? If you want to use PKI in some 3rd party application with OpenCA you have to generate the key in your browser, and also download the signed certificate into your browser and then export them both to files for the 3rd party app. Would it be possible to include an option where the request for a cert also allows the server side generation of a key which can be downloaded to file by the user and then deleted from the server. I realise that there is an issue of trust involved here.... how can we know if the server is deleting the private keys for example? Doesn't the server have access to the private key when it generate the request anyway? Perhaps in the case where your CA is offering certs to outside entities it is problematic to do this. Would it be feasible in the case where the CA is only issuing certs for internal use for internal applications? regards Tim _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/openca-users
