On Fri, Oct 04, 2013 at 10:05:08PM -0400, Dave Thompson wrote:
> > 1) is this a reasonable thing to do?
>
> Yes.

Ok thanks. That's reassuring.

> You don't say why you chose to generate keys centrally. In case you didn't
> know, even with your own CA you *can* still use the conventional process of
> generate key+CSR on user system, send CSR to CA, CA issues cert, send cert
> back to user system, use. That avoids some possible exposures but not all.

This setup will be for a network of low-powered environmental monitoring
stations. These will be set up and configured at "head office" and then
physically taken to a site and installed there. So for now it's easy to just
do all the generating in one place. It's handy to know we have other options
though, thanks.

-- 
Diplomacy is telling someone to go to hell in such a way that they'll look
forward to the trip
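The conventional process mentioned in the quoted reply (key and CSR generated on the device, only the CSR sent to the CA), sketched here as an added example that is not part of the original thread. The names `demo-ca` and `station-01`, the RSA key size, the validity period and the directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: demo-ca, station-01 and all paths are placeholders.
# Two directories stand in for two machines: ca/ (head office), station/ (device).
csr_flow() {
    work=$(mktemp -d) || return 1
    ca="$work/ca"; st="$work/station"
    mkdir "$ca" "$st" || return 1

    # CA side: private CA key and self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$ca/ca.key" -out "$ca/ca.crt" 2>/dev/null || return 1

    # Station side: the private key is created here and stays in station/.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=station-01" \
        -keyout "$st/station.key" -out "$st/station.csr" 2>/dev/null || return 1

    # Only the CSR is copied to the CA.
    cp "$st/station.csr" "$ca/station.csr" || return 1

    # CA side: check the CSR's self-signature (proof the requester holds the
    # matching private key), then issue the certificate.
    openssl req -in "$ca/station.csr" -noout -verify 2>&1 \
        | grep -q "verify OK" || return 1
    openssl x509 -req -in "$ca/station.csr" -days 30 \
        -CA "$ca/ca.crt" -CAkey "$ca/ca.key" -CAcreateserial \
        -out "$ca/station.crt" 2>/dev/null || return 1

    # The certificate and the CA certificate go back to the station.
    cp "$ca/station.crt" "$ca/ca.crt" "$st/" || return 1

    # Station side: the certificate must chain to the CA and must carry the
    # public key that belongs to the locally generated private key.
    openssl verify -CAfile "$st/ca.crt" "$st/station.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$st/station.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$st/station.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 1

    echo "$work"   # caller can inspect the result, then remove the directory
}

csr_flow
```

In this flow `station.key` never appears under `ca/`, which is the exposure the central-generation setup does not avoid.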