hallo Michael,
hi everybody
well i still can not bring ocsp to run!
I am using 0.9.1.1 and openssl 0.9.7b
I got some questions for better undestanding, under the restriction that I want to serve customer with Netscape AND IE:
1. What is the best place for ocsp?
RA or CA, because I am using two systems to simulate real world!
2. What shall I use as link for ocsp?
http, https or can it be ldap or did I missunderstood you or the docs?
3. May or may not be the same as the CRLDist...Point?
4. I uncommented authorityInfoAccess = OCSP;URI:https://ra.mydomain.de/ocsp but I dont have anything in the httpd.conf to respond to the link? What do I need?
5. I have also uncommented the next line
authorityInfoAccess = caIssuers;URI:http://ra.mydomain.de/cacert/cacert.crt
Is that o.k. or shall I better leave it untouched?
Beside that I have some further questions regarding other point, still under the same restriction (hope others will read and reply too):
a. What ist the suggested type of link to configure as CRLDistributionPoint and any else CRL-related points,
http, https, ldap or ldaps?
These links need to be configured in httpd.conf, right?
b. What about having RBAC on both RA and CA? I guess I might still not got the point of RBAC! As I understand the doc, it should help big rollouts and lower the maintanance!
What format does the user-list has to have to import it to RBAC if I want to have the user have sent their certificates?
Where does any system takes the passwords from or does OpenCA generates them by itself?
c. What does HSM and how can I make it run?
d. How do I prepare my CA for the case my CA-Certificate becomes unvalid, stolen or etc? Can I have a second certificate that overlaps the time to create a new certificate, simmilar to a Cross-CA-certificate?
Well this should be enough for now!
I might have some other anoying questions later! ;�))
best thanks
Nick
PgP-Fingerprint: 044B 65C4 07E3 F47C 9388 1CCE 3B43 038E 437C 1286
P.S. If you need any help regarding the docs, I might have spare hours!
==================================================
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
