Thank you a lot, Jakob.I understood your answers and am quite satisfied too that the replies sound conceptually right. But it would be kind on your part if you answer some questions further. 1. Regarding question 3, I am using openssl 1.0.2e which supports named curve. Such a question had earlier been asked in this forum which says , such a message is only misleading but the certificate works fine. Here is the below link:"http://openssl.6102.n7.nabble.com/ECC-Self-Signed-Certificate-td17042.html#a17047".But I would like the certificate have a clean structure. How can that be done? 2.Regarding question 7, I am working to secure a middleware that will be deployed in control and monitoring systems, hence there would be know persons at the client side and the certificates I am using are self signed ones created using openssl 1.0.2e , hence there will be no public CAs . In such a scenario , how will the CA know that the private key has been compromised? If the private key gets compromised, then even the certificate can be forged ,then what is the use of CRL? Kindly answer. Thanks and regards, Suman Patro -- View this message in context: http://openssl.6102.n7.nabble.com/regarding-SSL-security-tp63504p63567.html Sent from the OpenSSL - User mailing list archive at Nabble.com.
