> It would be great if somebody could answer a few questions for me.
Really, a lot of questions... :-)

> 1. While defining custom certificate profiles (using OpenSSL extfiles I
> presume) does it have the ability to include the appropriate key usages
> and extended key usages.
Your presumption is correct. In the extfiles you can define everything you know
about openssl configuration about certificates. Every new file defines a
new "role". Modifying the pub.conf, you can define new user groups. The
groupname defines the default OU entry. DN entries can be changed by
editing the cert-req. All other things are defined in the extfiles.

> 2. Does this solution have the ability to include Basic constraints for
> certificates.
Yes, see 1.

> 6. Ability to publish certificates to a directory whenever a certificate
> is issued or all certificates issued.
>     (Also can OpenCA integrate with directory server like I-Planet)
Seems not to be planned, because CA "should" not be online.
LDAP servers like openldap can be used. As far as I know, only manually using
the ldap-webinterface.

> 8. Does OpenCA support suspension and revocation of certificates also?
As far as I can see, after a revocation request from a user the certificate is
suspended.

> 11. Can OpenCA support distributed RAs / distributed servers to handle
> large capacity loads? If this supports multiple levels of CAs and RAs
> then is there a limitation for the depth of these levels.
Sub-CAs are supported, but I never used them, so I don't know more.


Well, I can't answer them all, because I'm also evaluating the OpenCA, but
the simple ones.... So if someone finds that my answers aren't correct,
please correct them!


Regards,

Claudio Thomas
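
Added example (not part of the original message and not OpenCA's shipped files): an OpenSSL extension file of the kind answers 1 and 2 refer to, with one section per role. The section names are hypothetical, and it is assumed that the extfiles use standard OpenSSL x509v3 extension syntax.

```ini
# Constructed example extfile. Section names (user_cert, server_cert,
# sub_ca) are hypothetical role names, not names taken from OpenCA.

[ user_cert ]
# End-entity certificate: must never be accepted as a CA.
basicConstraints       = critical, CA:FALSE
# Key usage limits what the key itself may do.
keyUsage               = critical, digitalSignature, keyEncipherment
# Extended key usage limits the applications: TLS client auth and S/MIME.
extendedKeyUsage       = clientAuth, emailProtection
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer

[ server_cert ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
# Server role: only TLS server authentication is permitted.
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer

[ sub_ca ]
# Subordinate CA: pathlen:0 means it may issue end-entity certificates
# but no further CA certificates, which caps the hierarchy depth.
basicConstraints       = critical, CA:TRUE, pathlen:0
# A CA key signs certificates and CRLs only.
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer
```

With plain OpenSSL, a section is selected at signing time with `openssl x509 -req -extfile <file> -extensions <section>`, and the result can be checked with `openssl x509 -noout -text`.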
