> The problem is not OpenCA. OpenCA manages the certificates by the serial
> and by the certificate itself. The problem is that we use OpenSSL to
> create the certificates. OpenSSL's index.txt cannot handle certificates
> with the same DN. Therefore OpenCA checks the DN.
>
> Do you really need certificates with the same DN? There are two ways:
>
> 1. patch OpenSSL
> 2. - use a new (and empty) index.txt every time
>    - build a new index.txt from OpenCA's database if we try to issue a
>      CRL
>
> Any comments to these ideas?

Yes, Michel. There are some situations where we need to issue 2 or more
certificates with the same DN. For example, in the VeriSign managed PKI module
they have a concept of dual key pairs. The idea is backup management for
one private key. At the same time, they also want to ensure the non-repudiation
property, thus dual key pairs (one for decryption [backed-up private key] and one
for signing). In that case we need to issue two certificates with the same DN.

I have been looking for a solution to this in OpenCA. As you have given some
light in your previous mail to set the variable SERIAL_IN ON, which by default in
0.9.0 version, I am able to issue 2 certs. But the other day I noticed a
mail on our list which states that while searching for a cert in LDAP it gives
two entries for each cert because we have set the property SERIAL_IN.

So we need a solution to work around this. Maybe a patch to OpenSSL can help.
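
Added example, not part of the original message and not OpenCA or OpenSSL code: a check that could be run on an index.txt rebuilt from a database (option 2 in the quoted mail) to list every DN held by more than one valid certificate, such as the signing/decryption pair described above. The sample rows and function names are constructed; the six tab-separated fields follow OpenSSL's index.txt layout.

```python
from collections import defaultdict

# Constructed sample in OpenSSL index.txt layout (tab-separated fields):
# status, expiry date, revocation date, serial (hex), filename, subject DN
SAMPLE_INDEX = (
    "V\t250101000000Z\t\t01\tunknown\t/C=IT/O=Example/CN=Alice\n"
    "V\t250101000000Z\t\t02\tunknown\t/C=IT/O=Example/CN=Alice\n"
    "R\t250101000000Z\t240301120000Z\t03\tunknown\t/C=IT/O=Example/CN=Bob\n"
    "V\t250101000000Z\t\t04\tunknown\t/C=IT/O=Example/CN=Bob\n"
)


def parse_index(text):
    """Yield one dict per index.txt row; raise ValueError on malformed rows."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        status, expiry, revoked, serial, _filename, dn = fields
        if status not in ("V", "R", "E"):  # valid, revoked, expired
            raise ValueError(f"line {lineno}: unknown status {status!r}")
        yield {
            "status": status,
            "expiry": expiry,
            "revoked": revoked or None,
            "serial": int(serial, 16),
            "dn": dn,
        }


def duplicate_valid_dns(text):
    """Map each DN that has more than one valid ('V') row to its serials."""
    by_dn = defaultdict(list)
    for row in parse_index(text):
        if row["status"] == "V":  # revoked or expired rows do not count
            by_dn[row["dn"]].append(row["serial"])
    return {dn: sorted(serials) for dn, serials in by_dn.items() if len(serials) > 1}


if __name__ == "__main__":
    for dn, serials in duplicate_valid_dns(SAMPLE_INDEX).items():
        print(dn, [f"{s:02X}" for s in serials])
```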





Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users