Hello,
my OpenCA (0.9.1.3) installation works fine with smartcards (i can create a cert with the card and then download on it). My question is: does OpenCA provide a way to install a whole chain (that is, CA cert + user cert) on a smartcard? Or, is there a way to save the single CA cert on it?
I tried to activate line "CERTSLIST => [$cacert,$fileName]);" in "getcert" file - this should save the chain on the card, is it right? But if I click on "Get requested certificate" in public interface, it says "Certificate installed", but I get only the user certificate on the card - there's no CA cert.
Thank you,
Alberto Venturini
Hello again,
after having read http://wp.netscape.com/eng/security/comm4-cert-download.html , I tried to create a chain (both PEM and pkcs7) and install it in Netscape/Mozilla.
To create the PEM chain, I simply concatenated user certificate and ca certificate files; then, I put them in a page declared with "Content-type: application/x-x509-user-cert".
To create the pkcs7 chain, I called
$cryptoShell->crl2pkcs7(OUTFORM => 'PEM', CERTSLIST => [$cacert, $fileName]);
(with $fileName being the user certificate file), and put the result in a page with the same declaration as above.
But I still can't get the CA certificate installed. The user certificate is installed, but the CA certificate is ignored. Has someone already had the same problem?
Basically, I'd like the user to get his/her certificate and the CA certificate toghether, without having to download the CA cert manually - and possibly I'd also like them to be saved on a smart card...
The smartcards which I see with PKCS#11 only knows two types of containers one for the private key and one for the matching certs. Did you checked the PKCS#11 specs? I never saw a CA certificate on a smartcard.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
