Hi Robert,
- Is it possible to enter different expiration date for different certificates?
I think you can assign different times to different roles, but I think you cant do this per certificate
- Is it possible to revoke certificate from RA interface and have the possibility to revoke certificate from PUB interface?
You can request the revocation from the PUB when you know the CRIN (Revocation pin) or withput pin on the ra.
The revocation itself can only be done on the CA because it must be signed (its added to the revocation list which is then signed)
- Is there a functionality for renew certificate?
Yes - go to "archived request" and re-request it. But for security reasons you should NOT do this because you will "recycle" the keypair.
And I would like to understand the way, how user can get his certificate and private key, if he generate it on PUB OpenCA interface. For example, I want to create key pairs and certificate for web server. I create keys and CSR on PUB, then this request is approved on RA and certificate is issued on CA. Then I can get certificate for web server on web using PUB interface and /cgi/pki?cmd=getcert&key=10&type=CERTIFICATE. But this will send me only the certificate without private key. I can get private key (in encrypted form) from CA and RA interface, but can I get private key from PUB too (or is it denied for security reason)?I think it is disabled for security because the roll-out of the keys should be done in a more secure way - but Im not sure about this...
Oliver
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
