> Ok, so far it's clear. But if you have a look at public certificate > chains, there exist so called "intermediate ca's" ... I thought the ra > would be one. That an ra-officer needs to check the request and needs to > check if the requester is really the requester ... I understand that > very well :o) !
Guess why it's called a Registration Authority and not a Certification Authority... The RA never issues certificates, it's strictly for approval of certificate or revocation requests. This is common sense in PKIs, not only in OpenCA. If you want to built an intermediate CA, you will have to create another instance of the CA node, complete with the corresponding RA node. > But there's one question left. What about the ra-operator certificate ? > I generated it, when I initialized the ca. But when I want to install it > on the ra-machine, its not possible .... I mentioned this behaviour > before. If I try to download the certificate, its not the ra-operators > one that is shown, but the last user certificate that was issued. How do > I get the ra-operators certificate in my browser on the ra machine ? An RA Operator certificate is exactly this, a user certificate giving an individual the necessary credentials to act as Registration Officer. cheers Martin ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
