Nicolas Ostermann wrote:
> 
> Following is what I did in my Linux server:
> 
> - For my self-signed CA certificate:
> openssl genrsa -des3 -out ssl.key/CA.key 1024
> openssl req -new -x509 -days 365 -key ssl.key/CA.key -out ssl.crt/CA.crt
> openssl pkcs12 -export -in ssl.crt/CA.crt -inkey ssl.key/CA.key -out pkcs12/CA.p12
> (pkcs12 command to have the ca certificate in pkcs12 format and be able to
> import it into browsers)
> 

That command lets everyone know your CA private key, resulting in zero
security.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
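
An added example, not part of either message above: it builds a throwaway CA, repeats the `pkcs12 -export ... -inkey` step from the quoted message, and compares it with certificate-only exports, which are all a browser needs to trust the CA. The file names, the `Demo CA` subject, the `demo` pass phrase and the helper function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names, subject and pass phrase are constructed.

# Throwaway CA, same steps as the quoted message but non-interactive
# (no -des3, 2048-bit key, fixed subject) so it runs unattended.
make_demo_ca() {   # $1 = working directory
    openssl genrsa -out "$1/CA.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 1 -subj "/CN=Demo CA" \
        -key "$1/CA.key" -out "$1/CA.crt"
}

# The export from the quoted message: certificate plus CA private key.
export_with_key() {   # $1 = working directory
    openssl pkcs12 -export -in "$1/CA.crt" -inkey "$1/CA.key" \
        -out "$1/CA.p12" -passout pass:demo
}

# Certificate-only alternatives for distribution to browsers.
export_cert_only() {   # $1 = working directory
    openssl x509 -in "$1/CA.crt" -outform DER -out "$1/CA.der" &&
    openssl pkcs12 -export -nokeys -in "$1/CA.crt" \
        -out "$1/CA-certonly.p12" -passout pass:demo
}

# Exit status 0 if the PKCS#12 file holds a private key, non-zero if not.
p12_has_private_key() {   # $1 = file, $2 = import password
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_ca "$dir" && export_with_key "$dir" &&
        export_cert_only "$dir" || return 1
    for f in CA.p12 CA-certonly.p12; do
        if p12_has_private_key "$dir/$f" demo; then
            echo "$f: contains the CA private key, do not distribute"
        else
            echo "$f: certificate only"
        fi
    done
    rm -rf "$dir"
}
demo
```

Running `p12_has_private_key` against any PKCS#12 file before handing it to users is a quick check that the CA key is not inside it.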
