Michael Bell wrote: > yesterday evening I run issueCertificate of OpenCA v0.9 successfully for > the first time. Perhaps you are smiling about this but here is a small > list with the new features:
:-D Hey...
Let me know if I am wrong with the following statemets:
> * public keys are checked to be unique
DB needs patching for this;
> * PINs can be used from the request or automatically generated
> * DN configuration
> * encrypted and signed PIN-mail
> * role-support
> * every role has it's own extfile and openssl configfile
Using the same form-type as the upcoming 0.8 version ?
> * if issueCertificate crashs before the cert was stored in the
> database then the old openssl state will be recovered
> * email subjAltName but not in the DN
Using the $ENV:: I guess, right ? Anyway this involves a problem on,
obviously, IE. The problem is that IE does not accept, I think, a
certificate with the DN different from the one in the corresponding
request. To be exact we should:
1. Put the EMAIL field into the HEADER of a request;
2. Using the HEADER->EMAIL value with the $ENV:: of the
config file;
> I hope we need no more new features so we can start serious testing.
I agree with you. Anyway I've been talking with some friends of the CSP
(Research Center) and they are willing to give us some features they
developed for their own porpouses. These are:
1. Full IE support (either in request/cert retrivial and
as RA Operator -- unsing a free activeX control);
2. Backup and Recovery tools (so one can do a full CA
backup/restore using the web interface. This is immediate
for the DB module but needs some patching for the DBI
one because simply achiving the files is not sufficient);
3. Exports/Imports of object sent from/to the Operator
Browser too (not only the removable media). This in some
env could be useful too.
> I will start with:
>
> general: new OpenCA::DBI (smaller and faster)
> 1. issuing certs
> 2. CRRs
DB module needs patching supporting CRRs (?).
> 3. RBAC
> The new installationcode in OpenCA v0.9 allows the creation of snapshots
> by yourself. You must only do the following:
What about the "external" modules ? We simply are going to say to people
them need certain modules as a prerequisite ? Do we check for them ?
I have patched a 0.9.6b of OpenSSL with some of the major needed patches,
can you check it against the 0.9 version ? You can find it in the FTP
site. There are also an openssl-pre-0.9.7 (either in .tar.gz and .rpm
formats) that should be working.
Let me know.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
