Re: Peer-to-peer SSL/TLS best practices/strategy
- Subject: Re: Peer-to-peer SSL/TLS best practices/strategy
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Thu, 13 Dec 2012 09:53:18 +0000
On 13 Dec 2012, at 01:14, John Pannell <email@hidden> wrote:
> Let's say I've embedded a custom, self-signed root certificate in my app (just the cert, no private key). Could I create new, unique certificates in each instance of the app, rooted to the custom root, that are then used to secure the communications channels between instances of the app?
No. When certificate A issues certificate B, it must /sign/ the data within certificate B. You can only do this if you have certificate A's private key. This is the cornerstone of X.509 certificate trust.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
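
The rule in the reply above, shown as an added example that is not part of the original post: a leaf signed with the root's private key verifies against the embedded root, while a leaf that only copies the root's name and is signed with the app's own key is rejected. Go's standard library is used here as an assumption for a self-contained demo; the names `issue`, `Demo`, "Constructed Demo Root", "peer-a" and "peer-b" are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a cert for pub that names parent as issuer and is signed by signer; nil parent means self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (cert *x509.Certificate) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	if err != nil {
		panic(err)
	}
	return cert
}

// Demo returns the Verify errors for a leaf signed by the root key and for one that only copies the root's name.
func Demo() (issuedErr, nameOnlyErr error) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed; held by the issuer only
	appKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // constructed; generated inside an app instance
	root := issue("Constructed Demo Root", 1, nil, &rootKey.PublicKey, rootKey)
	pool := x509.NewCertPool()
	pool.AddCert(root) // the root certificate embedded in the app, without its private key
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, issuedErr = issue("peer-a", 2, root, &appKey.PublicKey, rootKey).Verify(opts)
	// An app holding only the root certificate can copy the issuer name but must sign with its own key.
	_, nameOnlyErr = issue("peer-b", 3, &x509.Certificate{RawSubject: root.RawSubject}, &appKey.PublicKey, appKey).Verify(opts)
	return issuedErr, nameOnlyErr
}

func main() {
	fmt.Println(Demo())
}
```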