We have a couple of top level domains in the company but not all of them are supported by those that process certificate requests. I don't know if and to what extent there is a name constraint, if I try to get a certificate for <mainframe_domain.com> they simply reject it because it's not the "correct" domain name.
Well, based on the replies, I think I'd best not include CRL/OCSP and test this option. After all, it's just to enable SSL/TLS in our IP communication. Only for internal servers and only for a limited group of people. So less work on it would be better. Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, Berry van Sleeuwen Flight Forum 3000 5657 EW Eindhoven -----Original Message----- From: Linux on 390 Port <[email protected]> On Behalf Of Alan Altmark Sent: Monday, June 24, 2019 1:30 PM To: [email protected] Subject: Re: Building a Certificate Authority Which means you're not going to be a CA with all the rights, privileges, and responsibilities applying thereto, so don't worry about It. It sounds like they have a commercial signing certificate which has name constraints, and your domain names aren't in scope. That's weird. Regards, Alan Altmark IBM This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, Atos’ liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. On all offers and agreements under which Atos Nederland B.V. supplies goods and/or services of whatever nature, the Terms of Delivery from Atos Nederland B.V. exclusively apply. The Terms of Delivery shall be promptly submitted to you on your request. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
