[Openswan Users] README.nss
wgillespie+openswan at es2eng.com
Mon Jan 24 09:06:15 EST 2011
On 01/23/2011 04:50 PM, Michael H. Warfield wrote:
> Philosophical thoughts on README.nss, though. As a cryptographer, I am
> morally offending by some of the things in there. It says to export the
> CA keypair to a pkcs12 .p12 file and import them onto other machines.
> Private keys should only exist on the machines to which they belong.
> That's fundamental. I can not possibly overstress that concept. Using
> pkcs12 requires including the private key (someone please correct me if
> I'm wrong on this with pointers to the correct openssl syntax to do it).
I haven't tried it, but is it possible with the -nokeys option of pkcs12?
More information about the Users