Fedor Utenkov wrote:
>
> Hello all,
>
> I have a theoretic question.
> What is the best way to store CA private key ? Put in the file on
> the comp, running the web server and facing the internet seems to me
> not very secure. But from the another point of view I'd like to
> automate an certificate signing procedure.
> Might be it is a doc in the net devoted this problem ? I read an
> OpenCA docs and found it schema safe, but slow for "certificate
> requestors". Are there any other interesting public solutions ?
The very best way is in a smart card or ring, which performs the
encryption functions on the card. This is slow, but acceptable for
a top-level CA -- it's only used to sign certs.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]