On Tuesday 02 December 2003 15:28, Patricia wrote:
Now, we have trouble with the administrator. How and when do you use the administrator's certificate? What operations does he sign? How do I configure the openca to use the administrator's certificate? Is the key pair of the administrator generated and stored in the HSM?
My experience of the administrator certificate is that you only use it to access the CA if you have enabled role-based access control and you are protecting the CA Apache server with client-authenticated SSL.
OpenCA uses administrator certificates too if you sign approved requests. This is useful to protect approved requests against manipulations. The administrator certificate has not be requested on the CA. This is only a feature for the more comfortable initialization of the CA. The administrator keys must be separate from the HSM.
My experience of HSM (I use a Chrysalis ITS SA) is that they are just used to create the root CA keys, not for the user keys; of course they are used to sign the client certs!
The administrator certificate has not be requested on the CA. This is only a feature for the more comfortable initialization of the CA. The administrator keys must be separate from the HSM.
Michael
--
Michael Bell
ZE Computer- und Medienservice (Computing Centre)
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin
Germany
Email: [EMAIL PROTECTED]
Email (private): [EMAIL PROTECTED]
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
http://www.openca.org
