Did some research with Google and can answer my own question.

If a certificate is compromised (the private key is stolen, etc.) the
certificate needs to be revoked as it will remain valid till the end of its

Any administrator with access to a cert can revoke the cert. If a challenge
password was specified during the certificate signing request that password
will be required before the cert can be revoked.

So, it seems the sole purpose of the challenge password is to prevent
revocation by someone without the password.

> What is the purpose of the CSR challenge password. I notice it's optional.
> Is it only for the CA to verify the request?

