Hi,

> I've tested OpenCA (an old version to be honest) by issuing more than
> 100000 certificates. The response times of course are a bit degraded.
> I can say that the global functionality of OpenCA is not so much
> influenced (only some pages regarding searches, but I think they can
> be simply fixed). The most terrible issue however is OpenSSL and its
> index.txt! With 100000 and more certificates the index.txt file is
> about 19 megabytes and for every certificate you must wait a lot of
> seconds and this is more and more notable when this number grows. I
> know this is not OpenCA related, but does someone know if there is a
> project to enhance "index.txt" in a more performing solution? Is the
> nextgen OpenCA less dependent on the command line openssl?

I have written a patch (and sent it to the OpenSSL developers) that improves the time of generating certificates with OpenSSL by simply adding new certs to the index.txt file.

The slight problem is that it doesn't help for revocations, but they happen far more seldom anyway, so that shouldn't be too much of a problem.

I think I experienced a 100 times speedup due to the better index.txt handling.

You can get the patch here:
http://bugs.cacert.org/file_download.php?file_id=22&type=bug
http://bugs.cacert.org/view.php?id=202

Best regards,
Philipp Gühring

_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
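
The difference the reply describes, sketched as an added example (not the patch linked above and not OpenSSL code): issuing by rewriting the whole index versus appending one row, and why a revocation still has to touch an existing row. The function names and sample rows are constructed for illustration; the row layout is the tab-separated index.txt format (status, expiry, revocation date, serial, filename, subject).

```python
import os, tempfile

def record(serial, cn, status="V", revoked=""):
    # index.txt row: status, expiry, revocation date, serial (hex), filename, subject
    return "\t".join([status, "300101000000Z", revoked,
                      f"{serial:06X}", "unknown", f"/CN={cn}"]) + "\n"

def _save(path, rows):
    tmp = path + ".new"                      # write a new file, then swap it in
    with open(tmp, "w") as f:
        f.writelines(rows)
    os.replace(tmp, path)
    return sum(len(r) for r in rows)         # characters written

def issue_rewrite(path, serial, cn):
    """Read every row, add one, write the whole file back: cost grows with the DB."""
    with open(path) as f:
        rows = f.readlines()
    return _save(path, rows + [record(serial, cn)])

def issue_append(path, serial, cn):
    """Write only the new row: cost is independent of the DB size."""
    row = record(serial, cn)
    with open(path, "a") as f:
        f.write(row)
    return len(row)

def revoke(path, serial, when):
    """Revocation edits an existing row (V -> R plus a date), so it cannot be an append."""
    want, found, rows = f"{serial:06X}", False, []
    with open(path) as f:
        for line in f:
            fields = line.rstrip("\n").split("\t")
            if fields[3] == want and fields[0] == "V":
                fields[0], fields[2], found = "R", when, True
            rows.append("\t".join(fields) + "\n")
    _save(path, rows)
    return found

def demo(n=2000):
    path = os.path.join(tempfile.mkdtemp(), "index.txt")
    with open(path, "w") as f:               # constructed sample database
        f.writelines(record(i, f"user{i}") for i in range(1, n + 1))
    rewritten = issue_rewrite(path, n + 1, "alice")
    appended = issue_append(path, n + 2, "bob")
    revoked = revoke(path, n + 2, "250101000000Z")
    with open(path) as f:
        return rewritten, appended, revoked, f.readlines()

if __name__ == "__main__":
    rewritten, appended, revoked, rows = demo()
    print(f"rewrite wrote {rewritten} chars, append wrote {appended}, rows={len(rows)}")
```

An append-only issue path also needs the serial counter and any uniqueness check handled without loading the whole file, which this sketch leaves out.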
