Hello dalini, [EMAIL PROTECTED] schrieb am 03.08.04 09:58:33: > > Gregor Bethlen wrote: > > > OK, understand this, but again, what happens when you exchange the > > certificates between the CAs? > > > you don't exchange certs between CAs, the one and only time the > root and a sub-ca interact is, when the sub-ca gets signed its cert > by the root-ca and when the sub-ca checks the root-ca crl >
Yes, meanwhile I realized, that you can't put certs up in the hierarchy. There's no such thing as UPLOAD_CERTIFICATES_STATES in config.xml. So my question was stupid ... sorry. One last thing: I can sign the SubCA-cert with the RootCA. Works fine (btw. is it worth a RFE to implement a feature in the CA, where you can import PKCS#10-reqs, so you don't have to install-pub on the RootCA?). What is the "original" way to publish the RootCA to the SubCA? I use dataexchange (again ;-)) to enroll the rootca-cert to subca, but I think this way the rootca doesn't get into the Certification-Chain in the subca (at least it looks like this. Can I test it?). You said the only time root- and sub-ca interact is at signing and when the sub-ca checks the root-ca crl. So the crl must get to the sub-ca, too. How is this done? (Dataexchange ;-)?) Thanks for your time, Gregor > > dalini > > -- > Ives Steglich Email: [EMAIL PROTECTED] > System Administration Tel.: +49 (0)3677 - 69 4382/4383 > Fax: +49 (0)3677 - 69 4399 > > Fraunhofer Institute for Digital Media Technology > Langewiesener Strasse 22 > 98693 Ilmenau Email (private): [EMAIL PROTECTED] > Germany http://www.openca.org > > > ------------------------------------------------------- > This SF.Net email is sponsored by OSTG. Have you noticed the changes on > Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > one more big change to announce. We are now OSTG- Open Source Technology > Group. Come see the changes on the new OSTG site. www.ostg.com > _______________________________________________ > Openca-Users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users ____________________________________________________ Aufnehmen, abschicken, nah sein - So einfach ist WEB.DE Video-Mail: http://freemail.web.de/?mc=021200 ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
