Dmitrij Mironov wrote:
One more question today :o) By default DN base is O + C. Can it be only C? Is there no potential security risk here? And what do you think, is this a good idea at all?
Only C is really ugly because it implies that you manage all for one country which is not really true.
In my case I just need to issue certificates to more than one organisation, and I want to have an LDAP repository of issued certificates. Is it a good idea to have only Country as the base in LDAP and DN?
Two questions, so two answers too. First, modern LDAP servers support more than one base per server. If there is, for example, a merger between two companies then you can configure two suffixes for an OpenLDAP server. OpenCA's LDAP interface supports this too.

http://www.openca.info/docs/guide/openca-guide.html#id2810444

The DN base can be only the country, but I would recommend that you specify the organization in this case as a select field in the user frontends.

http://www.openca.info/docs/guide/openca-guide.html#id2803777

Michael
--
Michael Bell, Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482, ZE Computer- und Medienservice
Fax: +49 (0)30-2093 2704, Unter den Linden 6
[EMAIL PROTECTED], D-10099 Berlin
