Two common cert request formats are PKCS#10 and Netscape's SPKAC, which
is the "Signed public key and challenge." The challenge is primarily
to support completion of an enrollment/certification process when the
cert is retrieved OOB (cf. Verisign's enrollment process in which the
binding of the e-mail address in the cert is verified by sending mail
to that address with the URL where the cert may be retrieved, and the
challenge phrase is used as a passphrase in order to get the cert).
The self-signed object is required to ensure proof-of-possession of
the private key associated with the public key to be bound to the
identity in the cert.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
