Jorge Moratilla Porras wrote: > Hi to all, i'm looking for info about the subject, as i need to make a > proof of concept and i need a pki product that can support this > functionallity. > > we have installed a freebsd openca with ldap on one standalone server, > so we can generate certificates, crl, etc. But we are looking for ocsp > support. We found and installed the standalone ocspd responder too but > we need to include in the certificates the AIAExtensions for OCSP to > check the validity of the certificate. > > If someone has done it before, could be so kind to give me some > directions or a little howto?
My understanding is that the AIA extensions point to the CA where to find up-to-date certificates. The CDP extensions point to up-to-date certificate revocation lists. Typically, the CDP would contain the OCSP server pretty early in the list, as it is where you want your "clients" to check certificate validity against. Rgds ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
