This question really doesn't belong in RT, especially as I have no
means of contacting the original author directly. So, I'm CC:ing both
the dev list (where it originally showed up) and the users list (where
it really belongs).

I'm confused as to what you mean by "High-Assurance". If you mean
"so-high-assurance that two or more people are required to enter
passphrases to decrypt the root key", you will need an ENGINE module
that supports hardware that does so. OpenSSL will support that with
the appropriate module.

If you mean "High Assurance" in the sense of "must verify identity in
highly-trustable ways", that's an administrative and policy issue.
OpenSSL was never meant to act as a full Certificate Authority, though
some people are using it as such. Products that integrate OpenSSL
into a more fully-fledged CA policy framework (such as OpenCA, at
http://www.openca.org/ ) are available, and may suit your needs more.

-Kyle H

On 10/11/06, Vijay Sitaram via RT wrote:
>
> Hi,
>
> Is it possible to create a High-Assurance Root CA using openssl? So far I have not been able to find any information regarding this. Perhaps it should be added to the FAQ list.
>
> Kind regards,
>
> Vijay

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org