I'm going to hop in here and mention that MacOSX has a basic but useful X.509 CA app integrated into its Keychain Access application.
-Kyle H On Mon, Mar 24, 2008 at 12:02 PM, Patrick Patterson <[EMAIL PROTECTED]> wrote: > 3: Your budget. If you are using raw OpenSSL for your CA, you probably don't > have a lot of cash to spend on infrastructure (since OpenSSL, while > technically very good, is missing some functionality that more capable tools > like Entrust, Microsoft CA, or Redhat Certificate Services have - which is > understandable, given that it is, first and foremost, a library, and not a CA > product). So you may not have the extra funds for an offline root (we > usually use a laptop, a dedicated HSM, and a good safe in a secure location), > and for it's operation (even though it's offline, you still need to, at least > periodically, issue CRLs (or, more correctly, an ARL)). ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
