Hi,
congratulation - the first one who tries the batch system on 0.9.2 (and is no developer) :)
But what is the "standard" way the user gets his pkcs12 and passphrase? The User gets an email from the ra with a link to download the certificate, but where will he get his pkcs12 and the passphrase? I think the pkcs12 could be send by email and the passphrase for the pkcs12 should be available at the RA-Operator(live). But how can I configure this with OpenCA?
The problem for us is that there are many possible ways to rollout the PKCS#12 files and PINs. Therefore we don't implemented a default way until we know the first ideas of the users.
PKCS#12 files are exported to var/bp/dataexchange/pkcs12/. The directory is configured in etc/bp/bp.xml. The xml path is statemachine/functions/enrollment/pkcs12. The PINs must be explicitly exportet via the interface of the batch system. They are placed in var/bp/dataexchange/pin_list. The configuration is placed in etc/bp/bp.xml too. Please delete this file as fast as possible after you get it because these PINs are really sensitive. We use the file only to create some PIN mails (on paper) and then the file will be really fast deleted.
Do you use a special printer for the PINs like a bank for the ec-card or credit-card PINs? Does anyone how those printers are "named", because google with query "pin printer" isn't very successful.
Best regards Michael
--
Dipl.-Inform. Michael Konietzka Schlund + Partner AG
- Development UNIX - Brauerstra�e 48
Webservices D-76135 Karlsuhe
http://www.schlund.de/ Germany-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
