Hi everyone... On a running install of OpenCA we discovered the following :
1) when we create a CSR (with openssl for instance on a separate serveur) and then we try to introduce it in OpenCA to create a certificate, the system claims that our CSR does not follow the rules and we need to correct to O= field or the certificate name. 2) when we create the CSR directly from the OpenCA Pub node, some defaults are applied concerning the fields OU=, O= in the distinguished name for the certificate name. Regarding this, we have three questions : a) Where can we modifiy these defaults ? We tried in openssl.cnf in /OpenCA/etc/openssl and in /openssl directly but no way. The way to use the policies (if i am right it has something to do with this) is really not clear and the behavior of this feature is not documented AFAIK. b) Can we specify different defaults for these fields, related to the type of certificate we want (User, Web, CAOperator, RAOperator, etc...) c) We really want to publish all the certificates and stuff in a OpenLDAP directory running on the RA node. Are we obliged to strictly follow the same distinguished name, in other words, the distinguished name in the certificate is the same than in the LDAP directory ? Many thanks in advance for your advice Francois ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
