Fedor Utenkov wrote:
> 
> Hello all,
> 
>   I have a theoretical question.
>   What is the best way to store a CA private key? Putting it in a file on
>   the computer running the web server and facing the internet seems to me
>   not very secure. But from another point of view, I'd like to
>   automate a certificate signing procedure.
>   Maybe there is a doc on the net devoted to this problem? I read the
>   OpenCA docs and found its schema safe, but slow for "certificate
>   requestors". Are there any other interesting public solutions?

The very best way is in a smart card or ring, which performs the
encryption functions on the card.  This is slow, but acceptable for
a top-level CA -- it's only used to sign certs.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
