I'm going to hop in here and mention that MacOSX has a basic but
useful X.509 CA app integrated into its Keychain Access application.

-Kyle H

On Mon, Mar 24, 2008 at 12:02 PM, Patrick Patterson
> 3: Your budget. If you are using raw OpenSSL for your CA, you probably don't
> have a lot of cash to spend on infrastructure (since OpenSSL, while
> technically very good, is missing some functionality that more capable tools
> like Entrust, Microsoft CA, or Redhat Certificate Services have - which is
> understandable, given that it is, first and foremost, a library, and not a CA
> product). So you may not have the extra funds for an offline root (we
> usually use a laptop, a dedicated HSM, and a good safe in a secure location),
> and for it's operation (even though it's offline, you still need to, at least
> periodically, issue CRLs (or, more correctly, an ARL)).

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org