Re: [OpenCA-Devel] Re: [openca-devel:589] CRRs and Export/Import

Wed, 04 Apr 2001 06:56:47 -0700 

Robert Joop wrote:
> 
> On 01-03-18 22:14:36 MET, Michael Bell wrote:
> > some news for all people who are waiting for CRRs ...
> 
> what's the basis for your CRR work?
> 
> as far as i can see,
> - X.509 doesn't define anything for CRRs?
> - RFC 2797 defines something, but openssl does not implement this, yet?
> - you defined something on your own?

I use the format which was used by the old code from Massimiliano. The
format is:

-----BEGIN CRR-----
Subject: Maze Schwan
E-Mail:
DN: [EMAIL PROTECTED]/CN=xyz/OU=Internet/O=HU/C=DE
Issued by: /CN=Root-CA/O=HU/C=DE
Not Before:
Not After:
Serial: 09
-----END CRR-----
-----BEGIN PKCS7-----
the signature
-----END PKCS7----

I will read the RFC. Thanks for the number ;-D

> btw, the CRR code is hard to get working, as there seem to be the config
> file entries missing, see bug #413688.

Sorry, we know this fact. Actually I try to find all these keywords and
Massimiliano prepares new config-files.

Regards Michael 

P.S. perhaps this helps a little bit

ca.conf
-------
pendingcrrbasesheet   "sheets/pending_crrs.html"
approvedcrrbasesheet  "sheets/approved_crrs.html"
archiviedcrrbasesheet "sheets/archivied_crrs.html"
deletedcrrbasesheet   "sheets/deleted_crrs.html"
 
CAChain          "/usr/local/OpenCA/chain"
ShowAsk4RevSheet "sheets/show_ask4rev.html"

raserver.conf
-------------
pendingcrrbasesheet   "sheets/pending_crrs.html"
approvedcrrbasesheet  "sheets/approved_crrs.html"
archiviedcrrbasesheet "sheets/archivied_crrs.html"
deletedcrrbasesheet   "sheets/deleted_crrs.html"
 
CAChain          "/usr/local/RAServer/chain"
ShowAsk4RevSheet "sheets/show_ask4rev.html"
RevSuccessPage   "sheets/revreq_success.html"
RevErrorPage     "sheets/revreq_error.html"

public.conf
-----------
NewAsk4RevSheet  "sheets/new_ask4rev.html"
ShowAsk4RevSheet "sheets/show_ask4rev.html"

(Attention, actually the CRRs are only tested with the DBI-module. I
don't know how good the support for CRRs is actually in the DB-module.
The changes there are on the way but perhaps not finished.) 
------------------------------------------------------------------------------
Michael Bell                               Email: [EMAIL PROTECTED]
Humboldt-University of Berlin       Email (work):
[EMAIL PROTECTED]
Unter den Linden 6                    Tel.(work): +49 (0)30-2093 2482
10099 Berlin                      Tel. (private): +49 (0)30-63 130 63
Germany                                                [OpenCA Core
Developer]

http://www.openca.org
http://openca.sourceforge.net

S/MIME Cryptographic Signature

Reply via email to