Hello,

I am new to the wonderful world of PKI and X.509 but after tons of reading I have more 
questions than answers. I haven't been able to get OpenCA to work yet either!

What I am looking at is creating and installing certificates for IPSec devices in a 
production environment.

Generating a unique certificate for every device and installing it in a production line 
will be rather time consuming so I'm trying to figure out what the options are.

Must the certificate request generated by RA be signed by the CA before it can be 
installed into the device?

The ideal would be if the device can request a certificate from a production site 
RA/CA and then download it to the device and the CA database is transported to the 
"real" CA but this requires that the production setup is an exact match to the real CA 
considering address, CA public key, certificate serials, right?

Using the real CA (e.g. request is sent when customer plugs it in) presents a problem 
since the only thing unique is the serial number and then anybody can get a valid 
certificate as long as they provide a correct serial number.

One idea I have is to install one batch certificate e.g. same public key and then the 
CA would be able to match the certificate with the serial number and complete the 
certificate, or issue a new one?

TIA /Stefan

Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
