Hi,

I work on some other problems:

* PIN is hashed by SHA-1
* ROLE is now available for all requests
* the certs are now PKIX-, S/MIME v3- and S/MIME v2-compliant
  (issueCertificate sets the subjectAltName explicitly and the dn can be
  configured via ca.conf. The email must not be included in the DN
  (S/MIME v3 and PKIX) but the email is part of the cert via
  subjectAltName (S/MIME v2).)
* the request's serial can be stored in the dn:
  - dn is unique at every time without the email
  - we can use the PIN of the request for revocation
  - renewal is possible only if the operator knows the certificate
* you can use a single server for testing and initialization (and
  online-CAs if you are really brave)
* CA can issue certs from pending requests (for initialization)
* full transaction support via OpenCA::DBI (if the last $db->blabla
  fails then DBI performs a rollback)
* RBAC

Michael

-------------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email (work): [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.(work): +49 (0)30-2093 2482
Unter den Linden 6             Fax.(work): +49 (0)30-2093 2959
10099 Berlin
Germany                        [OpenCA Core Developer]
                               http://openca.sourceforge.net