Just an extra comment, >From the certification trust path, I'm wondering if you have used the following:
One Root CA certificate, that creates the various "Sub Root CA certificates" which are used to sell your products. The advantage is that the Root CA certificate can be removed from the system and be placed totally off-line (no hacker will be able to get access to the private key except by breaking in your premises). The Sub-Root CA certificates are then used in day to day operations and can be left on a machine.... Cheers. Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Web site: http://www.sopac.org/ <http://www.sopac.org/> Support FMaps: http://fmaps.sourceforge.net/ <http://fmaps.sourceforge.net/> Certificate: https://www.sopac.org/ssl/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -----Original Message----- From: Averroes [mailto:[EMAIL PROTECTED]] Sent: Monday, 3 June 2002 8:21 To: [EMAIL PROTECTED] Subject: PKI with Open Source "openssl" Hi All, A good experiment of all openssl's options is at Medracen Website, this site is just for testing purpose, It is a just simulation describing how to implement PKI solution with Open Source software. URL: http://www.medracen.net/ To get your 30 days free Digital Signature Certificate go to URL: http://www.medracen.net/pki.php?url=helium Comments and suggestions are welcome. Thanks you Regards #----- Averroes ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
smime.p7s
Description: application/pkcs7-signature
