Re: Proper method to establish the PKI environment (Trusted Root Cert - and that pesky index.txt file thing)

I'm going to hop in here and mention that MacOSX has a basic but
useful X.509 CA app integrated into its Keychain Access application.

-Kyle H

On Mon, Mar 24, 2008 at 12:02 PM, Patrick Patterson
<ppatterson@carillonis.com> wrote:[color=blue]
> 3: Your budget. If you are using raw OpenSSL for your CA, you probably don't
> have a lot of cash to spend on infrastructure (since OpenSSL, while
> technically very good, is missing some functionality that more capable tools
> like Entrust, Microsoft CA, or Redhat Certificate Services have - which is
> understandable, given that it is, first and foremost, a library, and not a CA
> product). So you may not have the extra funds for an offline root (we
> usually use a laptop, a dedicated HSM, and a good safe in a secure location),
> and for it's operation (even though it's offline, you still need to, at least
> periodically, issue CRLs (or, more correctly, an ARL)).[/color]
______________________________________________________________________
OpenSSL Project [url]http://www.openssl.org[/url]
User Support Mailing List [email]openssl-users@openssl.org[/email]
Automated List Manager [email]majordomo@openssl.org[/email]