Hi Jochen, Stein, Jochen wrote:
But then there is another passphrase wanted: "The requested content is protected by a passphrase. Please enter the passphrase to access the content."
If you allow a user to download his key (and cert) then you must activate this feature on the RA interface. If you activate it then you set a passphrase at the RA and this is the passphrase the user needs.
Full scenario: 1. the user goes to the RA operator and ask for the new cert 2. RA operator checks for the ability 3. RA operator allows the download and sets the passphrase 4. RA operator give the user the additional passphrase 5. user downloads all and notice the RA op 6. the RA op erases the passphraseThis sounds really complicated but it is necessary to protect the key against brute force attacks. The background is simple. The key is usually protected by a passphrase which the user sets. Many of these passphrases are really weak. Therefore we do not allow unlimited access to such a private key via the webfrontend.
http://www.openca.info/docs/guide/html_chunked/ch07s04.html#id2550407 (OpenCA guide 4.2.2.2 private key downloads) Regards Michael -- _______________________________________________________________ Michael Bell Humboldt-Universitaet zu Berlin Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
smime.p7s
Description: S/MIME Cryptographic Signature
