Michael Bell wrote:

>
> The problem is not OpenCA. OpenCA manages the certificates by the serial
> and by the certificate itself. The problem is that we use OpenSSL to
> create the certificates. OpenSSL's index.txt cannot handle certificates
> with the same DN. Therefore OpenCA checks the DN.
>
> Do you really need certificates with the same DN? There are two ways:
>
> 1. patch OpenSSL
> 2. - use a new (and empty) index.txt at every time
>    - build a new index.txt from OpenCA's database if we try to issue a
> CRL
>
> Any comments to these ideas?

I recognize and appreciate the efforts of developers contributing to any open
code project.  IMO, a version of OpenSSL with the patch should be distributed
with the OpenCA code rather than trying to work around this need.

I could go into all the examples of duplicate DNs, but suffice it to say that
it's a CA need to be able to issue multiple certs with the same DN.

Thanks for your response and suggestion.

Best regards,

Bill
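
Added example, not part of this thread and not OpenCA or OpenSSL code: a sketch of option 2 from the quoted message, regenerating index.txt from the CA's own records (keyed by serial) before a CRL is issued, and listing which DNs are held by more than one valid certificate. The record fields (serial, dn, not_after, revoked) and the sample data are assumptions made for illustration; the line layout is the tab-separated format OpenSSL uses for index.txt.

```python
from collections import defaultdict
from datetime import datetime, timezone

UTC = timezone.utc

def _ts(dt):
    # index.txt dates use the UTCTime form YYMMDDHHMMSSZ
    return dt.astimezone(UTC).strftime("%y%m%d%H%M%SZ")

def index_line(rec, now):
    # Fields: status, expiry, revocation date, serial (hex), file name, subject DN
    if rec.get("revoked"):
        status, rev = "R", _ts(rec["revoked"])
    elif rec["not_after"] <= now:
        status, rev = "E", ""
    else:
        status, rev = "V", ""
    serial = "%X" % rec["serial"]
    if len(serial) % 2:            # OpenSSL writes an even number of hex digits
        serial = "0" + serial
    return "\t".join([status, _ts(rec["not_after"]), rev, serial, "unknown", rec["dn"]])

def build_index(records, now):
    # Keyed by serial, so two records with the same DN simply yield two lines
    ordered = sorted(records, key=lambda r: r["serial"])
    return "".join(index_line(r, now) + "\n" for r in ordered)

def duplicate_dns(records, now):
    # Subject DNs held by more than one currently valid certificate
    by_dn = defaultdict(list)
    for r in records:
        if not r.get("revoked") and r["not_after"] > now:
            by_dn[r["dn"]].append(r["serial"])
    return {dn: sorted(s) for dn, s in by_dn.items() if len(s) > 1}

# Constructed sample records (hypothetical schema, not OpenCA's database layout)
NOW = datetime(2003, 1, 15, tzinfo=UTC)
ALICE, BOB = "/C=US/O=Example/CN=Alice", "/C=US/O=Example/CN=Bob"
RECORDS = [
    {"serial": 1, "dn": ALICE, "not_after": datetime(2004, 1, 1, tzinfo=UTC)},
    {"serial": 2, "dn": ALICE, "not_after": datetime(2004, 6, 1, tzinfo=UTC)},
    {"serial": 10, "dn": BOB, "not_after": datetime(2004, 1, 1, tzinfo=UTC),
     "revoked": datetime(2002, 12, 1, 12, 0, 0, tzinfo=UTC)},
]

if __name__ == "__main__":
    print(build_index(RECORDS, NOW), end="")
    print(duplicate_dns(RECORDS, NOW))
```

Only the R lines feed the CRL, so the rebuilt file has to carry every revoked serial from the database; the duplicate-DN report gives the CA operator an audit view of subjects with more than one live certificate.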


