Oh, you have knowed it, the private key part isn't there, and therefore just is no good to anyone else. ----- Original Message ----- From: Alan Sparks <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 18, 2001 3:48 AM Subject: [openca-users:206] Security of downloaded certificates > Am I missing something? It seems that there is no security whatsoever > on people getting other people's certificates from the OpenCA secure > server page. Just go to the "get certificate" page and put in an > arbitrary serial number and there you go with someone else's > certificate. > > Shouldn't this certificate be pre-encrypted with the PIN the person > submitted when the request was made? Or at least something to prevent > this? > > Or is it just that the private key part isn't there, and therefore just > is no good to anyone else? > > Thanks, just trying to get my head straight. > -Alan > > -- > Alan Sparks, Sr. UNIX Administrator [EMAIL PROTECTED] > Quris, Inc. (720) 836-2058 > > _________________________________________________________________ > OpenCA - Users Support Mailing List [EMAIL PROTECTED] > _________________________________________________________________ OpenCA - Users Support Mailing List [EMAIL PROTECTED]
