Hi Jan,
But when I wanted to sign these requests on the ra, it was not possible, cause there was no certificate for signing. So I had to upload the requests to the ca, the ca signed em, downloaded them back to the ra and the certificates where issued. Fine .... but complicated.So I had the hope to be able to export my previously generated ra-operator certificate and import it into my browser, so that I can operate the ra using this certificate and sign all the incoming requests on the ra.Is that possible at all ?
No . you have not understod the system o a real CA.... The normal workflow is as follows: * User requests his certificate* User goes to the RA-Officer, he approves the request by signing the request with his certificate (this is the RA Operator Certificate)
* The approved requests (signatur == approval) are transfered to the CA * The CA Operator signs the requests with the Certificate of the Root-CA * The certificates are transfered back to RA and published Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
