Hi, I was wondering on how to implement the following two requirements:
1. Create a group of RA administrators explicitly named by DNs (no OU or DC stuff) Only this group should be able to approve certificates via the RA interface. Background information: these RA officers will be using a SmartCard for personal identification. These SmartCards are issued by a CA that is completely unrelated to the OpenCA PKI. What I want to do now is to explicitly name the DNs of the SmartCards that should be allowed to approve requests. This leads to 2. Trust a second Root CA (the one issuing the above mentioned SmartCards). This should enable OpenCA to accept signatures created by certificates from this second PKI in addition to its own. Is there a way to do this currently? Is it as simple as adding the second Root CA cert to the chain directory? cheers Martin ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
