Hi,

in addition to my previous observations there are some things related
to email handling I'd like to address here.

1. PIN email
I noticed that there seem to be problems with PIN emails. This seems
to silently break if the email cannot be encrypted (S/MIME). In
this case an empty message is sent. There is no log information
and no error message for the administrator; it simply silently fails.
This seems to be bad, as the PIN gets lost: I could not retrieve
the certificate's private key from the server with the PIN entered
by the user, the public interface reports that the pass phrase is
incorrect.
Could it be the case that a random PIN is generated and is used
to encrypt the private key? In this case it is impossible to retrieve
the client certificate.

IMO it is desirable to make email behaviour configurable, at least
with the following options:
- use the PIN entered by the user in the CSR
- explicitly send PIN unencrypted if no user certificate is
  available

2. Pending CSR notification
Once a new CSR (or CRR) rolls in, it might be desirable to have an
automatic notification via email to start the cert issuance workflow.
This might either be triggered by an incoming request or perhaps by
a scheduled event, e.g. once a day and sending out a summary about
all pending requests.

3. Automatic email processing
The pending emails seem to be spooled in the var/mail directory, and
I understand that I have to manually issue the "Send email" command
from the node interface.
Can this be configured to send out pending email automatically?
Should be possible via cron and perhaps the batch interface, I guess.

Comments?

cheers

Martin



_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel