> So I want to know how will my client authenticate the server
> since I don't have the server's root certificate?
> Thanks in advance..
> Regards
> Alok Bhatnagar

That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, "how can I detect an impostor?". And the answer is "as opposed to what?".

For example, if the question is, "how can I tell the real amazon.com from an impostor who doesn't control that domain?" the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem.

DS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
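The check described in the reply above, as an added example that is not part of the original thread: a client configuration that requires a chain to a trusted CA and a matching server name, next to the weak configuration that cannot detect an impostor. It uses Python's `ssl` module (a wrapper over OpenSSL); the function names and the `ca_file` parameter are assumptions made for this example.

```python
import socket
import ssl


def build_client_context(ca_file=None):
    """Context that rejects servers without a trusted chain and matching name."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)  # trust only this CA bundle
    else:
        ctx.load_default_certs()  # trust the platform CA store
    return ctx


def weak_context():
    """What to avoid: encrypts, but accepts any certificate from anyone."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """List the reasons this context could not tell a server from an impostor."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("chain not verified")
    if not ctx.check_hostname:
        problems.append("hostname not checked")
    # Counts CA certs loaded so far; directory (capath) stores load lazily.
    if ctx.cert_store_stats()["x509_ca"] == 0:
        problems.append("no CA loaded")
    return problems


def verified_subject(host, port=443, ca_file=None, timeout=5.0):
    """Connect and return the peer subject; raises ssl.SSLError on a bad cert."""
    ctx = build_client_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]
```

Passing `server_hostname` is what ties the certificate to the name the client meant to reach; the library matches it against the names in the certificate during the handshake.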