> However, instead of using the common name, I would like to use the role
> of the certificate: CA Operators can access some things, RA Operators
> some other, Users can not, etc...
>
> How is that done? Can the Role be joined to the DN? How?

Don't know whether 'Role' can be pushed as part of the DN while generating the certificate, but your access control requirements can be done by RBAC. Enable RBAC either at the time of the OpenCA build process or by manually changing the configuration file ..... All it does is extract cert information from the client browser/token (serial no) and match it with the backend database to identify the Role..... After all, checking against your *secure db* for existence will always be the better solution...

HTH,
venki.

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
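
The lookup described in the reply above, sketched as an added example that is not part of the original message and is not OpenCA's own code: the role is read from a server-side table keyed on the certificate, never from anything the client asserts. The table layout, role names, permissions and sample rows are constructed; keying on issuer plus serial (rather than serial alone) is an assumption added here because serial numbers are only unique per issuing CA, and the web server is assumed to have already validated the client certificate chain.

```python
import sqlite3
# Constructed sample rows: (issuer DN, serial as upper-case hex, role, status).
ISSUER = "CN=Example CA,O=Example"
SAMPLE_CERTS = [
    (ISSUER, "1A2B", "CA Operator", "VALID"),
    (ISSUER, "1A2C", "RA Operator", "VALID"),
    (ISSUER, "1A2D", "User", "VALID"),
    (ISSUER, "1A2E", "CA Operator", "REVOKED"),
]
# Hypothetical role-to-operation mapping.
ROLE_PERMS = {
    "CA Operator": {"issue_cert", "revoke_cert", "approve_request"},
    "RA Operator": {"approve_request"},
    "User": {"view_own_cert"},
}

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE certs (issuer TEXT, serial TEXT, role TEXT,"
               " status TEXT, PRIMARY KEY (issuer, serial))")
    db.executemany("INSERT INTO certs VALUES (?, ?, ?, ?)", SAMPLE_CERTS)
    return db

def normalize_serial(serial):
    """Canonicalise hex serials such as '0x1a:2b' or '001A2B' to '1A2B'."""
    s = serial.strip().lower()
    if s.startswith("0x"):
        s = s[2:]
    s = s.replace(":", "").replace(" ", "")
    if not s or any(c not in "0123456789abcdef" for c in s):
        raise ValueError("malformed serial")
    return s.lstrip("0").upper() or "0"

def role_for(db, issuer, serial):
    """Return the stored role, or None for unknown, malformed or non-valid certs."""
    try:
        key = normalize_serial(serial)
    except ValueError:
        return None
    row = db.execute("SELECT role, status FROM certs"
                     " WHERE issuer = ? AND serial = ?", (issuer, key)).fetchone()
    if row is None or row[1] != "VALID":
        return None  # fail closed
    return row[0]

def is_allowed(db, issuer, serial, operation):
    role = role_for(db, issuer, serial)
    return role is not None and operation in ROLE_PERMS.get(role, set())
```

Because the decision comes from the database row, changing an operator's role or marking a certificate revoked takes effect without reissuing the certificate.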
