Hi Johnny,
Yes, you're right, I mistook some words (and terms ;-), but what I want to know is whether I can make a copy of that private key from the nCipher to LunaCA3 or LunaSA. I think that could be possible once we have the passphrase of the private key, or not?
NO - one of the main issues of a hardware module is to protect the private key "till the end of life".
The problem is that if we create a new CA managed by OpenCA, we'll have to revoke all old issued certificates. That's the reason we want to copy the private key from there to here. But here another problem appears: how to tell OpenCA about all issued certificates.
You won't have to revoke; it is no problem that 2 CAs co-exist - you just have to make sure that you use different URLs for CRL and other services, so that e.g. the CRL stays accessible through the current link.
You don't even have to keep the old CA running, as long as you don't have to revoke some certificates....
There is an excellent RedBook from IBM
http://www.redbooks.ibm.com/redbooks/pdfs/sg245512.pdf
that deals with lifetimes of certificates etc. It's not exactly what you need, but it should give you some background info... (around page 70)
Oliver
Thanks, Johnny
--- Oliver Welter <[EMAIL PROTECTED]> wrote:
Hi Johnny,
I think you are talking not about the certificate but about the private key of the CA. You are unable to extract this from the nCipher - that's what it is built for.
But there are some ppl on the list currently dealing with nCipher support, so perhaps you can reuse the nCipher hardware and the cert in OpenCA.
Oliver
Johnny Gonzalez wrote:
Hello Everybody,
I have my CA root certificate, the one that I have used to issue a lot of commercial certificates. I have this certificate stored in an nCipher. The question is: how can I retrieve that certificate from OpenCA, to start using OpenCA with that CA root certificate instead of creating a new one using the initialization steps??
The question is because the certificate is stored in an nCipher, they are using commercial software running on MS Windows 2000 server, and they want to switch to OpenCA and Linux. The idea we have is: to make a backup of the CA root certificate to Luna CA 3 (because this HSM is fully supported by OpenCA, isn't it?) and then, once the certificate is in the new HSM (read it as Luna CA3), start using it with OpenCA, without having to start all the initialization steps.
Is this possible?? How can I do that??
Thanks a lot, Johnny
-- This message was digitally signed. oliwel's public key: http://www.oliwel.de/oliwel.crt Base certificate: http://www.ldv.ei.tum.de/page72
