> Thanks Kyle,
>
> Here is my situation:
>
> I have a server which can sign certificates over TLS (implemented in
> both client and peer).
>
> I generate a public/private key pair for each peer now.
>
> I need a way so Peer A trusts Peer B because.
>
> So, I am trying to figure out the best way to do this. Can the server sign
> each peer's certs and then they trust each other?
Yes. The usual way to do this is:

1) Peer connects to server.
2) Peer and server exchange whatever information is needed for server to confirm peer's identity.
3) Server issues peer a signed certificate that vouches for its identity.
4) Peer disconnects from server.
5) Peer connects to peer.
6) Peer presents certificate it got from server.
7) Other peer validates certificate and knows peer's identity as established with the server. (It must also determine that the peer *owns* the certificate as opposed to just having a copy of it!)

This requires the peers to be able to recognize that a certificate was signed by the server and is properly owned by the peer they're talking to.

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
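The flow in the reply above, worked through with the openssl command line as an added example (this is not code from the thread or from either poster). The signing server plays a private CA, each peer keeps its own key and only sends a CSR, and the receiving peer does both halves of step 7: it checks that the presented certificate chains to the server's CA, and it makes the presenter sign a fresh nonce with the matching private key so that a stolen copy of the certificate alone is rejected. In a real TLS connection that second check is what the handshake's CertificateVerify message provides when client certificates are required; here it is done by hand so the two checks are visible separately. All peer names, file names and the nonce are constructed; it assumes only that the `openssl` binary is installed.

```shell
#!/bin/sh
# Added example: server-as-CA issuing peer certificates, then peer-to-peer
# verification of (a) the CA signature and (b) possession of the private key.
# Assumes `openssl` is on PATH. Names and paths are constructed for the demo.
set -u
WORK=$(mktemp -d)
cd "$WORK"

# Step 3's prerequisite: the server holds a CA key and a self-signed CA cert.
# Every peer is given ca.crt so it can recognise the server's signature.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=signing-server" -days 1 2>/dev/null
}

# Steps 1-3: the peer generates its own key pair (the private key never
# leaves the peer), sends a CSR, and the server returns a signed cert.
issue_peer_cert() {  # $1 = peer name (used as the CN)
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$1" 2>/dev/null || return 1
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out "$1.crt" -days 1 2>/dev/null
}

# Step 7a: does the presented cert chain to the server's CA?
verify_chain() {  # $1 = cert presented by the remote peer
    openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1
}

# Step 7b: proof of possession. The verifying peer picks a random nonce, the
# presenting peer signs it with its private key, and the verifier checks the
# signature against the public key inside the presented certificate.
prove_possession() {  # $1 = presented cert, $2 = private key the presenter signs with
    openssl rand -hex 32 > nonce.txt || return 1
    openssl dgst -sha256 -sign "$2" -out nonce.sig nonce.txt || return 1
    openssl x509 -in "$1" -pubkey -noout > peer.pub || return 1
    openssl dgst -sha256 -verify peer.pub -signature nonce.sig nonce.txt >/dev/null 2>&1
}

# Both checks together: this is what "Other peer validates certificate" means.
accept_peer() {  # $1 = presented cert, $2 = key used for the possession challenge
    verify_chain "$1" && prove_possession "$1" "$2"
}

make_ca
issue_peer_cert peerA
issue_peer_cert peerB

# Peer B evaluating what Peer A presents (cert + signed nonce).
if accept_peer peerA.crt peerA.key; then
    echo "peerA: certificate signed by server and key ownership proven"
fi

# A copy of peerA.crt presented by someone holding a different key fails 7b.
if ! accept_peer peerA.crt peerB.key; then
    echo "peerA.crt presented without peerA's key: rejected"
fi
```

Running it prints the two result lines above. The nonce must be fresh per connection; reusing one would let a recorded signature be replayed, which is the same reason TLS binds CertificateVerify to the handshake transcript rather than to a fixed value.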