Did some research with Google and can answer my own question. If a certificate is compromised (the private key is stolen, etc.), the certificate needs to be revoked, as it will remain valid till the end of its term.
Any administrator with access to a cert can revoke the cert. If a challenge password was specified during the certificate signing request, that password will be required before the cert can be revoked. So, it seems the sole purpose of the challenge password is to prevent revocation by someone without the password.

> What is the purpose of the CSR challenge password? I notice it's optional.
> Is it only for the CA to verify the request?

-- 
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales

http://www.systame.com/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]