On Mon, 7 Jan 2008, Wyllys Ingersoll wrote:

>Jan Pechanec wrote:
>>      hi, it seems that pktool(1) doesn't export signing/verifying 
>> capabilities of certificates that are present in the underlying API. With signing 
>> I mean to provide a CSR and a cert/key reference (presumably one of a CA) to use 
>> for signing with the CA's private key. Is there any plan to add such support?
>>
>>      thanks, Jan.
>
>It was intentionally left out.   Signing a CSR is really the job of a CA
>and we are not prepared to go down that path.   One can easily write a
>small utility using KMF functions that will sign a CSR using a particular
>private key and generate a certificate, though.

        I understand that. However, if one wants to create a small CA for 
its internal purposes, for example, then OpenSSL or NSS must be used. Since 
I can set the CA certificate in the policy file for certificate verification, I 
thought it would be a nice feature to be able to use KMF only. J.

-- 
Jan Pechanec
