Hello everyone,
I was looking into OpenCA PKI solution and have been through some
documents.
It would be great if somebody could answer a few questions for me.
1. While defining custom certificate profiles (using OpenSSL extfiles, I
presume), does it have the ability to include the appropriate key usages
and extended key usages?
2. Does this solution have the ability to include Basic constraints for
certificates?
3. Are there appropriate APIs available to interface with other applications
and to customize the functions of the CA? (preferably the automatic
enrollment process)
4. Does it have the capability for bulk issuance and/or bulk revocation of
certificates?
5. Support for multiple character sets (for international languages)?
6. Ability to publish certificates to a directory whenever a certificate is
issued or all certificates issued.
(Also can OpenCA integrate with directory server like I-Planet)
7. CRL related
7.1 Ability to configure the frequency and validity period of CRL
7.2 Ability to support CRL Distribution points
7.3 Ability to force generation of a CRL on an ad-hoc basis
7.4 Can it support large CRL sizes? Is there a limitation for the
number of revoked certificates that may appear on the CRL?
8. Does OpenCA support suspension and revocation of certificates also?
9. I have seen that OpenCA packages in an OCSP daemon. Have a few questions
regarding that.
9.1 Are all the OCSP responses signed? (requests/responses over SSLv3)
9.2 Are they capable of handling around 100 validations/min
without affecting system performance?
9.3 Can the OCSP signing key be a separate set of keys/certificates
used for signing requests/responses and OCSP server SSL,
and can these keys be generated and operated within
an HSM that is FIPS 140-2 Level 3 compliant?
10. Scalability and Performance of OpenCA (Maximum number of certificates
which can be issued and the issuance rate e.g. 10 certs/min)
11. Can OpenCA support distributed RAs / distributed servers to handle large
capacity loads? If this supports multiple levels of CAs and RAs,
then is there a limitation for the depth of these levels?
Sorry for the lengthy set of questions. I am in the middle of an evaluation
and it would be great if someone can provide me these answers.
Thanks,
Saby
_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users