Hi, > I think this is an issue for the future, but want to here your opinions... > > I need to issue two different kinds of certs, User-Certs for > Mailsigninng and Servercerts for Web/Mailservers. > I want to have an own SubCA-Key for both of them
I asked roughly the same some weeks ago. We will have to do the same, on the long run I think we will be running at least three Sub CAs on the same level, very similar to: > +MyRootCA > ++ServerCA > +++wwwserver1 > +++wwwserver2 > ++UserCA > +++Oliver > +++Peter > As it makes not really a difference when issuing the certs I want to > have all together in one OpenCA Interface Setup, so one RA and one > "CA-Interface" > > Is this a totally stupid idea or is it worth some future plans ?? It is not stupid and I'd appreciate this. Perhaps we can discuss this during our workshop. For the time being, I think the best way to go is set up separate instances of OpenCA with separate web frontends, e. g. https://ca.example.com/ServerCA/pub/ and https://ca.example.com/UserCA/pub/ You get the idea. Using the db_namespace feature you can separate the database tables between instances. I think currently that's the way to go. Martin ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
