Sasidharan schrieb: > > Please correct me in my understanding of this PKI concept: > Part #1 > I understand that the certificate contains public key only. Now say I want > to send a mail to a collegue of mine. He sends across a certificate to me > containing his public key. All I need to do is to import the certificate in > my personals list and the next time I try to send the person an encrypted > mail, my outlook application shall encrypt it using the public key from the > cert.
Correct. > Part #2 > But yes, if am trying to import a certificate for myself, then ofcourse I > need to import the certificate along with the private key. But how do I do > that. I mean I have the user.key file and the user.crt file. Now how do I > import the two and protect my private key... This is normally done with a PKCS#12-file. There two possibilities: 1. You generate the request with your browser. the browser has now the key and you have not to import the key. You must only import the certificate. 2. You generate the key on the server. Then you can build the a PKCS#12-file with "openssl pkcs12" or you use openca-browserexp. The new versions of OpenCA (0.9.0 and the RCs of 0.9.1) have a button for PKCS#12-download. Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- In remembrance www.osdn.com/911/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
