'd like to receive more informations about the field of "private extensions" in X.509 certificates and, particularly, if they exists to the custom extensions.
1) In particulary, i'd like receive more information about chance to include custom attribute in certificate generate by OpenCa.
If you want to add your own extensions then you have simply to edit the extensionfiles of the different roles (OPENCADIR/etc/openssl/extfiles/*.ext). These are OpenSSL configuration files.
2) How can I add other fields in the Subject Alternative Name?(The default is the email address only)
Edit the field "subject alternative name" if you edit a request. The content fo the field is directly passed to OpenSSL. this means the syntax of this field must match OpenSSL's requirements.
3) Is it possible through the roles or the default configuration modifying the fields of a certificate with OpenCa? And, if that it is possible , how can it be made? For example, the fingerprint on the users certificate is an MD5 but I'd like a SHA1.
Yes, you can edit a request and change some fields, you can change the extensions in OPENCADIR/etc/openssl/extfiles/*.ext and you can change some other defaults in OPENCADIR/etc/openssl/openssl/*.conf (no typo!). The default digest can be modified in the roles openssl configuration file (OPENCADIR/etc/openssl/openssl/role_name.conf).
4) Is it possible to produce certificate only for signature or only for coding?
You can set the appropriate extensions in the OpenSSL configuration files but it depends on your applications. Some applications simply ignore the extensions but in general OpenCA can issue certificates for limited usage.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
